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(57) The present invention provides a communica- 
tions system that Includes a plurality of networks con- 
nected to a global network and having as essential com- 
ponents, for each network, at least one routing server 
and a radio base station connected to the one routing 
server to communicate using radio signals with one mo- 
bile radio unit connected to a terminal or a host, and, 
when one mobile radio unit or a host connected to one 



network Is transmitting data to another mobile radio unit 
connected to another network, and if a destination ad- 
dress resolution is required, a communications system 
managing server responds to a destination address res- 
olution request transmitted from the one mobile radio 
unit or the host, and transmits an IP address allocated 
to the other mobile radio unit by the currently connected 
routing server to the one mobile radio unit or the host. 
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Description 

BACKGROUND OF THE INVENTION 

Field of the Invention 

[0001] The present invention relates to a communica- 
tions system managing server for managing mobile ra- 
dio units moving in IP networks and communicating 
through IP, including wireless communication areas. 
[0002] Also, the present invention relates to a routing 
server and to a mobiie unit managing server that can 
ensure security even when a user travels between dif- 
ferent networks. 

[0003] Also, the present invention relates to an area 
managing server that enables reduction in network traf- 
fic. 

Brief Description of the Related Art 

[0004] The Internet provides an environment that an- 
yone can access and has evolved into a large global 
network. For example, a communications terminal con- 
nected to one network and a communications terminal 
connected to another network can communicate with 
each other via the Internet. 

[0005] Also, In the past, methods have been exam- 
ined to enable communication, even when a communi- 
cations terminal passes from one network to another 
network. In addition, in wired Intranet systems main- 
tained by Individual businesses, unauthorized access to 
an internal network of each business is generally pre- 
vented by restricting access using firewalls. 
[0006] Such communications between terminals 
through the Internet are carried out conventionally by 
using a DNS (domain name system) server, and infor- 
mation is transmitted or received by converting an 
FQDN (fully qualified domain name) into an IP address, 
or converting an IP address to an FQDN. 
[0007] Also known are communications systems that 
allow a terminal to communicate with another terminal 
by radio while the user is moving. In this communica- 
tions system, If the terminal registered with a home serv- 
er (referred to as the home agent HA) Is to be connected 
to a different server (referred to as the foreign agent FA), 
the terminal receives announcements being transmitted 
by the FA through multicasting. The terminal thus real- 
izes that it is not inside the communications area served 
by the HA, so that a registration request is transmitted 
to the FA. Upon receiving the request, the FA carries out 
authentication processing with the HA. When the au- 
thentication processing Is completed, a tunnel is estab- 
lished between the FA and the HA, and authentication 
processing of the terminal Is carried out. By following 
such a procedure, the terminal Is able to communicate 
even when it is outside the communications area served 
by the home agent. 

[0008] Accordingly, Mobile IP, which allows reception 
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of IP packets even when traveling between different IP 
networks, is becoming popular. 
[0009] However, according to the conventional tech- 
nology described above, the use of the conventional 
s DNS server in management of mobile terminals 
traveling between the networks results In a change in 
its I P address for every transition of the mobile terminal 
or mobile radio unit using radio waves for communica- 
tion, so that such a DNS server has difficulty in knowing 
10 the current location of the mobile radio unit. This is be- 
cause a conventional DNS server does not take Into ac- 
count the possibility that the location of a terminal may 
change, and in addition, it is not practical to provide such 
a capability to existing DNS servers. 

« [0010] In addition, there has been a problem in that 
Mobile IP is a heavy system. That is, any attempt to In- 
troduce Mobile IP must meet a requirement that all IP 
networks (including existing Intranets) have respective 
home agents (HA) and foreign agents (FA). Further- 

2 ° more, when the mobile terminal is being moved quickly 
or when the eel! structure is small so that zones are 
crossed frequently, it is necessary to track the location 
of the mobile terminal In real-time; otherwise, there Is a 
danger that tracking may be lost, but such an approach 

2 * invites excessive Agent advertisement. 

[001 1] Also, If there is an attempt to ensure the same 
degree of security with the FA as with the HA, It is nec- 
essary to transmit security information containing the 
security information from the HA to the FA for ever y lo- 

30 cation of the mobile terminal. Therefore, if the security 
information is forwarded to every location of the mobile 
terminal, this leads to a problem of excessive increase 
in network traffic. 

[0012] Also, "Mobile IP" does not have a capability to 
35 restrict acc ess, and the security level of the mobile ter- 
minal is limited by the security level of the network itself. 
Therefore, a required security level could not be main- 
tained when a mobile terminal travels from the home 
network to another network. Thus, in this case, there has 
40 been a problem in that the conventional technology 
could not ensure the security level of the mobiie terminal 
In other networks. 

[0013] Also, ail post-authentication communication is 
though the HA, so that the security level could not be 
45 changed for each network to which the mobile terminal 
may be connected. 

[0014] In a system connecting one network to another 
network with cables, ft Is certainly easily possible to pro- 
tect secret information by providing a firewall between 

50 the one network and other networks. By applying a sim- 
ilar consideration to the wireless system, it may be 
thought that the security Information can be protected 
by providing a firewall at the Junction to a wireless LAN 
(local area network). However, it is not realistic to expect 

55 to ensure security of communication by this method for 
the mobile terminal that can travel over a wide area 
across an entire country. 
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SUMMARY OF THE INVENTION 

[0015] The present invention is provided in view of the 
situation described above, and It is an object of the 
present invention to provide a communications system 
that, even when a mobile terminal or mobile radio unit 
travels through various networks, enabies greatly sup- 
pressing increased load on the network and to offer re- 
liability (accurately recogniz ing individual mobile termi- 
nals so as not to cause terminals to become untracea- 
ble, i.e., lost). 

[001 6] Also, the present invention provides a commu- 
nications system that maintains the security level pro- 
vided by the home network in a foreign network. 
[0017] Also, the present invention is provided in view 
of the situations described above such that another ob- 
ject is to provide, in a wireless network in which radio 
units having different security levels coexist, a routing 
server and a mobile unit managing server that can pro- 
vide security of communication, even when the mobile 
terminal travels through a plurality of such networks. 
[0018] Also, the present invention is provided in view 
of the situations described above such that another ob- 
ject Is to provide, an area managing serverthat enables 
reduction of the traffic in the network, and to enable 
change of the security level for each network. 
[0019] To achieve the objects described above, the 
present invention provides a radio communications sys- 
tem for a plurality of networks connected to a global net 
work comprised of essential components, for each net- 
work, including at least one routing server and a radio 
base station connected to the routing server to commu- 
nicate using radio signals with a mobile radio unit con- 
nected to a terminal, wherein a communications system 
managing server is provided for managing addresses of 
the mobile radio unit traveling between the networks. 
[0020] Also, the above radio communication system 
provides a feature that the communications system 
managing server further performs a security managing 
operation to determine whether or not to permit commu- 
nication of the mobile radio unit traveling between the 
networks with other communications devices. 
[0021] Also, the above radio communication system 
provides a feature that when one mobile radio unit or a 
host connected to one of the networks attempts to com- 
municate with another mobile radio unit connected to 
another network, in response to a destination address 
resolution request transmitted from the one mobile radio 
unit or the host, an Internet Protocol address allocated 
to the other mobile radio unit by a routing server current- 
ly connected to the other mobile radio unit is notified to 
the one mobile radio unit or the host. 
[0022] Also, the present Invention provides a commu- 
nications system managing server which is provided In 
a radio communications system for a plurality of net- 
works connected to a global network comprised of es- 
sential components, for each network, including at least 
one routing server and a radio base station connected 



to the routing server to communicate using radio signals 
with a mobile radio unit connected to a terminal, and is 
so connected to the global network wherein when one 
mobile radio unit or a host connected to one of the net- 
5 works attempts to communicate with another mobile ra 
dio unit connected to another network, and If a destina- 
tion address resolution Is required, in response to a des- 
tination address resoiution request transmitted from the 
one mobile radio unit or the host, an Internet Protocol 

10 address allocated to the other mobile radio unit by a 
routing server currently connected to the other mobile 
radio unit is notified to the one mobile radio unit or the 
host by the communications system managing server. 
[0023] Also, the present invention provides a commu- 

'5 nications system managing server which is provided in 
a radio communications system for a plurality of net- 
works connected to a global network comprised of es- 
sential components, for each network, including at least 
one routing server and a radio base station connected 

*o to the rout ing serverto communicate using radio signals 
with a mobile radio unit connected to a terminal, and is 
so connected to the global network wherein when one 
mobile radio unit or a host connected to one of the net- 
works attempts to communicate with another mob ile ra- 

25 dio unit connected to another network and is controlled 
by a routing serverthat is not controlled by a home mo- 
bile unit managing server, and If a destination address 
resolution is required, an Internet Protocol address al- 
located to the other mobile radio unit by the routing serv- 

30 er that is not controlled by the home mobile unit manag- 
ing server is notified to the one mobile radio unit or the 
host by the communications system managing server. 
[0024] Also, the present Invention provides a method 
for managing a mobile radio unit traveling between net- 

35 works in a radio communications system for a plurality 
of networks connected to a global network comprised of 
essential components, for each network, including at 
least one routing server and a radio base station con- 
nected to the routing serverto communicate using radio 

40 signals with a mobile radio unit connected to the terminal 
wherein when one mobile radio unit or a host connected 
to one of the networks attempts to communicate with 
another mobile radio unitconnecte d to another network 
and is controlled by a routing serverthat is not controlled 

45 by a home mobile unit managing server, and if a desti- 
nation address resolution is required, an Internet Proto- 
col address allocated to the other mobile radio unit by 
the routl ng server that is not controlled by the home 
mobile unit managing server is notified to the one mobile 

50 radio unit or the host 

[0025] Also, the present method provides a feature 
that the communications system managing server fur- 
ther performs a security managing operation to deter- 
mine whetheror notto permit communication of the mo- 

55 bile radio unit traveling between the networks with other 
communications devices. 

[0026] Also, the present invention provides a record- 
ing medium having a computer-readable program for 
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managing a mobile radio unit traveling between net- 
works in a radio communications system for a plurality 
of networks connected to a global network comprised of 
essential components, for each network, Including at 
least one routing server and a radio base station con- 
nected to the routing server to communicate using radio 
signals with the mobile radio unit connected to a termi- 
nal, wherein the computer -readable program executes 
a process in such a way that, when one mobile radio 
unit or a host connected to one of the networks attempts 
to communicate with another mobile radio unit connect- 
ed to another network and is controlled by a routing serv- 
er that is not controlled by a home mobile unit managing 
server, and if a destination address resolution is re- 
quired, an Internet Protocol address allocated to the oth- 
er mobile radio unit by the routing server that is not con- 
trolled by the home mobile unit managing server is no- 
tified to the one mobile radio unit or the host. 
[0027] Also, the present method provides a feature 
that the computer-readable program further comprises 
a process for performing a security managing operation 
to determine whether or not to permit the mobile radio 
unit traveling between networks to communicate with 
another communications device. 
[0028] Aiso, the present invention provides a mobile 
radio unit managing program for managing a mobile ra- 
dio unit traveling between networks In a radio commu- 
nications system for a plurality of networks connected 
to a global network comprised of essential components, 
for each network, including at least one routing server 
and a radio base station connected to the routing server 
to communicate using radio signals with a mobile radio 
unit connected to a terminal, wherein the mobile radio 
unit managing program executes a process in such a 
way that, when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate with 
another mobile radio unit connected to another network 
and is controlled by a routing server that is not controlled 
by a home mobile unit managing server, and if a desti- 
nation address resolution is required, an Internet Proto- 
col address allocated to the other mobile radio unit by 
the routing server that is not controlled by the home mo- 
bile unit managing server is notified to the one mobile 
radio unit or the host. 

[0029] Also, the above mobile terminal managing pro- 
gram provides a feature that the mobile terminal man- 
aging program includes a process for managing security 
operations to determine whether or not to permit the mo- 
bile radio unit traveling between the networks to com- 
municate with other communications devices. 
[0030] According to the present invention, for destina- 
tion address resolution of one mobile radio unit or a host 
connected to a network of the plurality of networks com- 
municating with another mobile radio unit connected to 
another network, in response to an destination address 
resolution request transmitted from the one mobile ter- 
minal or the host, an IP address (global IP address) al- 
located to the other mobile radio unit Is given to the one 
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mobile radio unit or the host, so that even when a mobile 
radio unit travels between networks, destination ad- 
dress resolution can be provided while greatly reducing 
the load on the network. 

5 [0031] Also, according to the present Invention, for 
destination address resolution of one mobile radio unit 
or a host connected to a network of the plurality of net- 
works communicating with another mobile radio unit 
connected to the other networks not managed by a rout- 

w ing server controlled by the home mobile unit managing 
server of the other mobile radio unit, an IP address al- 
located to the other mobile radio unit by the routing serv- 
er currently connected to the other mobile radio unit Is 
transmitted to the one mobile radio unit or the host, so 

19 that a communications system having high reliability (I. 
e., a high reliability in Identifying the mobile radio unit 
accurately and avoiding losing track of the mobile radio 
unit), and to transmit data packets to the destination of 
the other mobile radio unit connected to the other net- 

20 work without tr ansferring through the home mobile unit 
managing server of the other mobile radio unit, 
[0032] Also, according to the present invention, be- 
cause security management operation of determining 
whether or not to permit communication between a mo- 

25 bile radio unit trave ling between networks and other 
communications device, the present communications 
system enables the maintenance of the same security 
level as that provided In the home network by the home 
mobile unit managing server to the mobile radio unit in 

30 the destination network. That is, the present communi- 
cations system is ideal for application to an Intranet sys- 
tem that requires flexibility for the mobile radio unit to 
travel between different networks. 
[0033] Further, to achieve the objects, the present In- 

35 vention provides a routing server in a communications 
system having at least one routing server connected to 
a network for connecting to a radio base station to com- 
municate using radio signals with a mobile radio unit 
connected to an Information terminal, comprising: a first 

40 security information storage device for storing the secu- 
rity information to Instruct whether or not to permit com- 
munication between the mobile radio unit and an infor- 
mation communications device connected to the net- 
work; and a communication control d evice to control, 

43 when it is necessary to establish communication be- 
tween the mobile radio unit and the Information commu- 
nications device, whether or not to establish communi- 
cation between the mobile radio unit and the information 
communications device, based on the security Informa- 

so tlon stored In the first security information storage de- 
vice. 

[0034] Also, the present invention further provides a 
mobile unit managing server which Is provided in a com- 
munications system having at least one routing server 
ss connected to a network for connecting to a radio base 
station to communicate using radio signals with a mobile 
radio unit connected to an Information terminal, and is 
connected to the routing server, comprising: a second 
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security information storage device for storin g the se- 
curity information to instruct whether or not to permit 
each mobile radio unit affiliated with the mobile unit 
managing server as Its home mobile unit managing 
server to communicate with an information communica- s 
tions device connected to the network; and a security 
information transmitting control device to control trans- 
mitting of the security information in such a way that, 
when the mobile radio unit travels and a connecting rout- 
ing server is changed, in response to a security infor- 
mation transmission request from the connecting rout- 
ing server, reads out the security information stored in 
the second security information storage device and 
transmits the readout security Information to the con- 
necting routing server. 

[0035] According to the present invention, because 
the security information to instruct whether or not to per- 
mit communication between the mobile radio unit and 
an information communications device connected to the 
common network is read out from the home mobile unit 
managing server and the readout security information 
is set in a routing server connected to the mobile radio 
unit at the destination, and security management of 
whether or not to permit communication is controlled ac- 
cording to the set security information, security of com- 
munication can be maintained even when the mobile ra- 
dio unit travels between networks. 
[0036] Also, according to the present invention, secu- 
rity of communication can be ensured for each mobile 
radio unit so that even if a large number of firms joined 
the same network, Intranet capability for each firm can 
be realized within the same network so that the commu- 
nications system is suitable for businesses that travel 
over a wide area, as well as for businesses that ex- 
change internal company information wlrelessly to ena- 
ble access of data from any network at the travel desti- 
nation while maintaining the same security level. 
[0037] To achieve the object, the present Invention 
provides an area managing server for serving in a net- 
work of a radio communications system that includes a 
pluralit y of networks connected to a global network and 
having at least one routing server connected to the net- 
work; a radio base station connected to the routing serv- 
er and communicating using radio signals with a mobile 
radio unit connected to a terminal; and a mobile unit 
managing server for managing the security information 
for determln Ing whether or not to permit the mobile radio 
unit and a communications device connected to the net- 
work to communicate with each other; wherein the area 
managing server obtains the security information from 
a home mobile unit managing server of the mobile radio 
unit, and transmits the obtained security Information to 
a routing server at the travel destination, which is con- 
trolled by the area managing server and which is located 
outside of a home network of the mobile radio unit, com- 
prising: a memory device for storing the security infor- 
mation; an information managing device for managing 
the security information in such a way that the security 



information transmitted from the home m oblle unit man- 
aging server to a routing server at the travel destination 
is received and stored in the memory device, and, when 
the mobile radio unit travels further from a communica- 
tions area of the routing server at the further travel des- 
tination to a communications area of another routing 
server controlled by the area managing sever, the area 
managing server responds to a security information 
transmission request transmitted from the other routing 
sewer, and reads out the security Information of the mo- 
bile radio unit stored in the memory device, and trans- 
mits readout the security Information to the other routing 
server. 

[0038] The area managing server above provides a 
feature that, when the mobile radio unit travels to a com- 
munications area controlled by another routing server 
not controlled by the home mobile unit managing server, 
prior to the information managing device transmitting 
the security information, an authentication process of 
the mobile radio unit is completed between the other 
routing server not controlled by the home mobile unit 
managing server and the home mobile unit managing 
server. 

[0039] Also, the present invention provides a method 
of operating a radio communications system that in- 
cludes a plurality of networks connected to a global net- 
work and having at least one routing server connected 
to a network; a radio base station connected to the rout- 
ing server and communicating using radio signals with 
amobile radio unit connected to aterminal; a mobile unit 
managing server for managing the security information 
for determining whether or not to permit the mobile radio 
unit and a communications device connected to the net- 
work to communicate with each other; and an area man- 
aging server for obtaining the security information from 
a home mobile unit managin g server of the mobile radio 
unit, and transmitting the obtained security information 
to a routing server at the travel destination, which is con- 
trolled by the area managing server and which is located 
outside of a home network of the mobile radio unit; wh 
erein the security information transmitted from the home 
mobile unit managing server to a routing server at the 
travel destination is received and stored, and when the 
mobile radio unit travels further from a communications 
area of the routing server at the travel destination to a 
communications area of another routing server control- 
led by the area managing sever, the area managing 
server responds to a security information transmission 
request transmitted from the other routing server, and 
reads out the security information of the mobile radio 
unit stored in the memory device, and transmits the re- 
adout security Information to the other routing server. 
[0040] Also, the present invention provides a commu- 
nication program for execution by a computerto operate 
a radio communications system that includes a plurality 
of networks connected to a global network and having 
at least one routing server connected to a network; a 
radio base station connected to the one routing server 
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and communicating using radio signals with a mobile ra- 
dio unit connected to a terminal; a mobile un it managing 
server for managing the security information for deter- 
mining whether or not to permit the mobile radio unit and 
a communications device connected to the network to s 
communicate with each other; and an area managing 
server for obtaining the security information from a 
home mobile unit managing server of the mobile radio 
unit, and transmitting the obtained security information 
to a routing server at the travel destination , which is con- 
trolled by the area managing server and which is located 
outside of a home network of the mobile radio unit; the 
program includes: a step of receiving the security infor- 
mation transmitted from the home mobile unit managing 
serverto the routing server at the travel destination; and 
a step of transmitting the security information, when the 
mobile radio unit travels further from a communications 
area of the routing server at the travel destination to a 
communications area of another routing server at the 
travel destination controlled by the area managing sev- 
er, by reading out and transmitting the security informa- 
tion of the traveling mobile radio unit stored in the mem- 
ory device to the other routing server at the travel des- 
tination, in response to a security information transmis- 
sion request transmitted from the other routing server at 
the travel destination. 

[0041 ] Also, the present invention provides a compu- 
ter-readable recording medium having a communica- 
tion program for execution by a computer to operate a 
radio communlcatlo ns system that Includes a plurality 
of networks connected to a global network and having 
at least one routing server connected to a network; a 
radio base station connected to the one routing server 
and communicating using radio signals with a mobile ra- 
dio unit connected to a terminal; a mobile unit managing 
server for managing the security information for deter- 
mining whether or not to permit the mobile radio unit and 
a communications device connected to the network to 
communicate with each other; and an are a managing 
server for obtaining the security information from a 
home mobile unit managing server of the mobile radio 
unit, and transmitting the obtained the security informa- 
tion to a routing server at the travel destination, which 
is controlled by the area managing server and which is 
located outside of a home network of the mobile radio 
unit; the program includes: a step of receiving the secu- 
rity information transmitted from the home mobile unit 
managing server to the routing server at the travel des- 
tination; and a step of transmitting the security informa- 
tion, when the mobile radio unit travels further from a 
communications area of the routing server at the travel 
destination to a communications area of another routing 
server at the travel destination controlled by the area 
managing sever, by reading out and transmitting the se- 
curity Information of the traveling mobile radio unit 
stored in the memory device to the other routing server 
at the travel destination, In response to a security infor- 
mation transmission request transmitted from the other 



routing server at the travel destination. 
[0042] According to the present invention, the com- 
munications system is designed so that: the security in- 
formation is transferred from the home mobile unit man- 
aging server and is received and stored in a memory 
device in a routing server at a transferred location so 
that, when the mobile radio unit further travels to another 
routing server at the travel destination controlled by the 
same area managing server, in response to a request 
from the other routing server at the travel destination, 
the security information stored in the memory device Is 
read out and the readout security information is trans- 
mitted to the other routing server at the travel destina- 
tion. Therefore, when the mobile terminal travels out of 
the home network, resulting in transferring from a rout- 
ing server under control of the area managing serverto 
another routing server under the control of the same ar- 
ea managing server, the system enables reduction of 
the number of transmissions required to deliver the se- 
curity information from the home mobile unit managing 
server, and accordingly, the load on the network can be 
reduced, and further, an advantage is gained in that the 
security level can be altered for each network to suit in- 
dividual purposes. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0043] In the following, preferred embodiments of the 
present invention will be explained with reference to the 
drawings, in which like elements bear like reference 
numbers, and wherein: 

Figure 1 is a diagram to explain the structure of the 
communications system in a first embodiment in a 
first viewpoint of the present invention; 
Figure 2 is a diagram to explain the authentication 
operation of a mobile radio unit ML001 in the com- 
munications system; 

Figure 3 Is a diagram to show the sequence of op- 
eration of the communications system; 
Figure 4 Is a diagram to explain the operation of re- 
ceiving data when the mobile radio unit ML001 is 
traveled to an area different from the home network; 
Figure 5 is a schematic block diagram of the struc- 
ture of the communications system managing serv- 
er 10; 

Figure 6 is a diagram to show an example of the 
information stored In the mobile radio unit database 
section 13 of the communications system managing 
server; 

Figure 7 is a schematic block diagram of the struc- 
ture of the mobile unit managing server MDBSX2; 
Figure 8 is a diagram to show an example of the 
Information stored in the mobile radio unit database 
section 83 of the mobile unit managing server 
MDBSX2; 

Figure 9 Is a schematic block diagram of the struc- 
ture of the routing server RSY3; 
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Figure 10 is a diagram to show an example of the 
information stored in the mobile radio unit database 
section 93 of the routing server RSY3; 
Figure 1 1 is a diagram to explain the structure of the 
communications system in another embodiment in 5 
the first viewpoint of the present invention; 
Figure 12 is a diagram to explain the sequence of 
operation of the communications system in the em- 
bodiment shown in Figure 11; 
Figure 1 3 is a diagram to show the sequence of op- 10 
eration in still another embodiment of the commu- 
nications system in the first viewpoint of the present 
invention; 

Figure 14 is a diagram to show the sequence of op- 
eration in a further embodiment of the communica- « 
tions system In the first viewpoint of the present in- 
vention; 

Figure 1 5 is a diagram to show the sequence of op- 
eration in another embodiment of the communica- 
tions system in the first viewpoint of the present in- 20 
vention; 

Figure 1 6 is a schematic block diagram of the struc- 
ture provided with the routing server in a first em- 
bodiment in a second viewpoint of the present in- 
vention; 25 
Figure 1 7 is a schematic block diagram of the struc- 
ture of a routing server RSA3; 
Figure 18 is a diagram to explain one example of 
the security information stored in the security infor- 
mation storage section 213; 30 
Figure 19 is a schematic block diagram to explain 
the structure of the mobile unit managing server 
MDBSA1; 

Figure 20 is a diagram to show an example of the 
security information stored in the security informa- 35 
tion storage section 23; 

Figure 21 is a flowchart to show the operation of a 
routing server, mobile unit managing server in the 
embodiment shown in Figure 16; 
Figure 22 is a schematic diagram of the communi- *o 
cations system in another embodiment in a second 
viewpoint of the present Invention; 
Figure 23 Is a diagram to explain the operation of 
the security information setting process when the 
mobile radio unit ML001 is traveled itself from a 45 
communications area served by the routing server 
RSA3 to a communications area served by the rout- 
ing server RSA2; 

Figure 24 is a flowchart of the security information 
setting process when the mobile radio unit ML001 so 
is traveled from a communications area served by 
the routing server RSA2 to a communications area 
served by the routing server RSA4; 
Figure 25 is a flowchart of the operation performed 
when the mobile radio unit ML001 travels among *5 
the foreign network; 

Figure 26 is a schematic block diagram of the struc- 
ture provided with the area managing server in a 



first embodiment in a third viewpoint of the present 
invention; 

Figure 27 is a diagram to show an example of the 
security Information stored in the security informa- 
tion storage section 213; 

Figure 28 a diagram to show an example of the se- 
curity information stored in the security information 
storage section 23; 

Figure 29 is a schematic block diagram to explain 
the structure of the area managing server AMC3; 
Figure 30 is a diagram to show an example of the 
security information stored in the security informa- 
tion storage section 333; 

Figure 31 is a diagram of the sequence of operation 
of the embodiment shown In Figure 27; 
Figure 32 Is a diagram to explain the process of de- 
termining whether or not communication has been 
established according to the security information; 
Figure 33 is a diagram to explain the process of 
transmitting data to a mobile radio unit under the 
control of a routing server; 
Figure 34 Is a schematic block diagram to explain 
the structure of a mobile radio router and a terminal 
In another embodiment In a third viewpoint of the 
present invention. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0044] In the following, a first embodiment In a first 
viewpoint of the present invention will be explained with 
reference to the drawings. 

[0045] Figure 1 is a schematic block diagram of the 
structure of the communications system in the first em- 
bodiment of the present invention. 
[0046] in this diagram, a communications system 
managing server 10 is connected to a global network 
100 and manages information (the IDs, the FQDNs, the 
Moblle-FQDNs, the IP addresses, home mobile unit 
managing server, the security information, i.e., access 
restricting information, currently affiliated mobile unit 
managing server, currently affiliated routing server; 
these are explained below) in a mobile radio unit ML001 
that travels between networks X and Y. 
[0047] The global network 1 00 is, for example, a net- 
work such as the Internet. The networks X and Y are 
subnetworks such as Intranets managed by providers X 
and Y, and are connected through the global network 
100. Firewalls FW11 , FW21 , FW31 and VPN (virtual pri- 
vate network) routers 11a, 21a, 31a are provided be- 
tween the global network 100 and the communications 
system managing server 10, and between the global 
network 100 and the networks X and Y, respectively. 
Here, the firewalls, FW11, FW21, FW31 have a NAT 
(network address translation) capability. The VPN router 
11a, VPN router 21a, VPN router 31a have a VPN ca- 
pability. 

[0048] RSX1 -RSX3, RSY1 -RS Y3 are routing servers 
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to provide routing of IP packets, and each of the routers 
RSX1-RSX3, RSY1-RSY3 is provided with at least one 
radio base station. 

[0049] The mobile radio unit ML001 is connected to 
information terminals such as computers or PDAs (per- 
sonal digital assistant), and transmit and receive various 
data to and from the routing server (RSX1-RSX3, 
RSY1-RSY3) through the radio base station. Also, the 
mobile radio unit ML001 has been given an identifier 
(the ID). In this embodiment, the home mobile unit man- 
aging serverforthe mobile radio unit ML001 is assumed 
to be a mobile unit managing server MDBSX2. 
[0050] Mobile unit managing servers 
MDBSX1-MDBSX2, MDBSY1-MDBSY3 manage re- 
spective identifiers (the ID) and the IP addresses of the 
routing servers RSX1 -RSX3, RSY1-RSY3, the radio 
base station, the mobile radio unit ML0Q1, and the in- 
formation terminal. The routing server has a capability 
to allocate an IP address to mobile radio units affiliated 
to itself (refer to Japanese Patent Application, First Pub- 
lication, 2000-156887). 

[0051 ] Next, authentication process for authenticating 
the mobile radio unit ML001 in the destination-network 
in the system shown in Figure 1 will be explained with 
reference to Figures 2, 3. Figure 2 is a diagram for ex- 
plaining the authentication process, and Figure 3 is a 
diagram for explaining the sequences for the authenti- 
cation process. In this example, the mobile radio unit 
ML001 under the control of the mobile unit managing 
server MDBSX2 travels to an area within the communi- 
cations area of a radio base station under the control of 
a routing server RSY3. The corresponding parts in Fig- 
ures 2 and 3 are given the same reference numbers and 
their explanations are omitted. 
[0052] First, after moving Into the communications ar- 
ea served by the radio base station of the routing server 
RSY3, the mobile radio unit ML001 transmits its own ID 
and a registration request to the routing server RSY3 
through the radio base station (Figure 1, notation (1); 
step S1 in Figure 3). 

[0053] The routing server RSY3 temporarily holds the 
ID of the mobile r adio unit ML001 and the registration 
request transmitted by the mobile radio unit ML001 , and 
then, transmits the ID of the mobile radio unit ML001 
and an authentication request, and also transmits a 
FQDN (FQDN, in this case, is "rsyS.provldery") and the 
IP address of the routing server RSY3 (Figure 2, nota- 
tion (2); step S2 in Figure 3). 

[0054] The mobile unit managing server MDBSY3 
temporarily holds the ID of the mobile radio unit ML001 
and the authentication request, and the FQDN and the 
IP address of the routing server RSY3 transmitted by 
the routing server RSY3, and then, it determines wheth- 
er or not the mobile radio unit is under its control accord- 
ing to the ID of the mobile radio unit ML001. Because 
the mobile unit managing server MDBSY3 does not 
manage the mobile radio unit ML001 , the ID of the mo- 
bile radio unit ML001, a destination address resolution 



request and the IP address of the mobile unit managing 
server MDBSY3 are transmitted to a DNS (Domain 
Name Server) 21 (Figure 2, notation (3); step S3 in Figur 

9 3). 

5 [0055] The DNS 21 determines whether or not it is a 
mobiie radio unit under its control according to the ID of 
the mobile radio unit ML001 transmitted by the mobile 
unit managing server MDBSY3. Because the DNS 21 
does not manage the mobile radio unit ML001 , this in- 
fo formation is transmitted to the mobile unit managing 
server MDBSY3 as the destination address resolution 
response (Figure 2, notation (4); step S4 in Figure 3). 
Upon receiving the destination address resolution re- 
sponse from the DNS 21, the mobile unit managing 

15 server MDBSY3 transmits the ID of the mobile radio unit 
ML001 and the authentication request and the FQDN of 
the routing server RSY3 and the IP address of mobile 
unit managing server MDBSY3 to the communications 
system managing server 10 through the firewall FW21 , 

20 the VPN router 21a, the VPN router 31 a and the firewall 
FW31 (Figure 2, notation (5); step S5 in Figure 3). 
[0056] Upon receiving the ID of the mobile radio unit 
ML001 and the authentication request and the FQDN of 
the routing server RSY3 and the IP address of the mo- 

25 bile unit managing server MDBSY3 from the mobile unit 
managing server MDBSY3, the communications system 
managing server 10 stores information that the mobile 
radio unit ML001 has traveled to an area under the con- 
trol of the mobile unit managing server MDBSY3, and 

30 retrieves the home mobile unit managing server of the 
mobile radio unit ML001 according to the ID of the mo- 
bile radio unit ML001 . in this example, it is detected that 
the home mobile unit managing server of the mobile ra- 
dio unit ML001 is the mobile unit managing server 

35 MDBSX2. Then, the communications system managing 
server 1 0 transmits the ID of the mobile radio unit ML001 
and authentication request and the FQDN of the routing 
server RSY3 and the IP address of the communications 
system managing server 1 0 to the mobiie un It managing 

40 server MDBSX2 through the fire wall FW31 , the VPN 
router 31a, VPN 11a, and firewall FW11 (Figure 2, no- 
tation (6); step S6 In Figure 3). 
[0057] The mobile unit managing server MDBSX2 
temporarily holds the ID of the mobile radio unit ML001 

45 and authentication request and the FQDN of the routing 
server RSY3 and the IP address of the communications 
system managing server 1 0 transmitted by the commu- 
nications system managing server 1 0. Next, the mobile 
unit managing server MDBSX2 finds that the mobile ra- 

50 dio unit ML001 is a routing server that is under its control 
according to the ID of the mobile radio unit ML001 . Also, 
using the pre -stored FQDN of the mobile radio unit 
ML001 (FQDN in this case Ism1001.mdbsx2.providerx) 
and the received FQDN (rsy3.providery) of the routing 

55 server RSY3, a "Mobile-FQDN" Is synthesized (in this 
case, the Mobile-FQDN is m1001.mdbsx2.providerx. 
rsy3.providery), that shows the current association of 
the mobile radio unit ML001 , and stores this piece of 
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information. Then, authentication data to indicate that 
the mobile radio unit ML001 has been authenticated and 
the ID of the mobile radio unit ML001 and the Mo- 
bile-FQDN are transmitted to the communications sys- 
tem managing server 1 0through the firewall FW1 1 , VPN 
router 11 A, the VPN router 31 a, and the firewall FW31 
(Figure 2, notation (7); step S7 in Figure 3). 
[0056] The communications system managing server 
10 stores the Mobile-FQDN of the mobile radio unit 
ML001 associated with the received ID of the mobile ra- 
dio unit ML001, and transmits the authentication data 
and the ID/Mobil e-FQDN of the mobile radio unit ML001 
transmitted by the mobile unit managing server 
MDBSX2 to the mobile unit managing server MDBSY3 
through the firewall FW31 , the VPN router 31 a, the VPN 
router 21a and the firewall FW21 by referencing to the 
stored the IP address of the mobile unit managing server 
MDBSY3 (Figure 2, notation (8); step S8 In Figure 3). 
[0059] The mobile unit managing server MDBSY3 
transmits the ID/Mobile-FQDN of the mobile radio unit 
ML001 and the authentication data transmitted by the 
communications system managing server 10, to the 
routing server RSY3, according to the temporarily -held 
IP address of the routing server RSY3 (Figure 2, nota- 
tion (9); step S9 in Figure 3). The routing server RSY3 
correlates and stores the ID of the mobile radio unit 
ML001, the Mobile-FQDN and the authentication data 
and allocates an IP address to the mobile radio unit 
ML001 (the IP address allocated here is any one of the 
IP addresses assigned to the routing server RSY3). Fur- 
thermore, a registration permission (or registration re- 
fusal) to indicate permission (or refusal) and the IP ad* 
dress/Mobile-FQDN of the mobile radio unit ML001 are 
transmitted through the radio base station to the mobile 
radio unit ML001 according to the ID of the mobile radio 
unit ML001 (Figure 2, notation (10); step S10 in Figure 
3), Upon receiving the registration permission from the 
routing server RSY3, communication can be estab- 
lished through the routing server RSY3. Accordingly al- 
so, the mobile radio unit ML001 has been allocated an 
IP address that is effective while being connected to a 
routing server underthe control of a different mobile unit 
managing server from the home mobile unit managing 
server, and because the Mobile-FQDN is given to cor- 
respond to the currently connected routing server, even 
when it is connected to a network other than the network 
to which the home mobile unit managing server is con- 
nected, the communications system managing server 
10 is able to identify the routing server currently con- 
nected by the mobile radio unit ML001 . 
[0060] On the other hand, the routing server RSY3 
transmits the ID of the mobile radio unit ML001 and a 
request for the security information for the mobile r adio 
unit M L001 to the mobile unit managing server M DBSY3 
(Figure 2, notation (11); step S11 In Figure 3). In this 
case, the security information means information set in 
a mobile radio unit for Its security, and contains Informa- 
tion on accessible hosts, information regarding whether 



or not to use VPN capability, security level, and the like. 
[0061] The mobile unit managing server MDBSY3 
transmits the ID of the mobile radio unit ML001 and the 
request for the security Information for the mobile radio 
5 unit ML001 which are transmitted by the routing server 
RSY3 to the communications system managing server 
10, through the firewall FW21 , the VPN router 21a, the 
VPN router 31 a, and the firewall FW31, (Figure 2, nota- 
tion (12); step S12 In Figure 3). At this time, because 
the mobile unit managing server MDBSY3 has not re- 
ceived a destination address resolution response from 
the DNS 21 in step S4 in Figure 3, which means that the 
mobile radio unit ML001 is not under its control, the se- 
curity information request is transmitt ed to the commu- 
nications system managing server 10. 
[0062] The communications system managing server 
10 transmits the ID of the mobile radio unit ML001 and 
the security information request for the mobile radio unit 
ML001 from the mobile unit managing server MDBSY3 
further to the mobife unit managing server MDBSX2 
through the firewall FW31 , the VPN router 31 a, the VPN 
router 11a, and the firewall FW11 according to the ID of 
the mobile radio unit ML001 (Figure 2, notation (13); 
step S13 in Figure 3). 

[0063] Upon receiving the ID of the mobile radio unit 
ML001 and the security information request for the mo- 
bile radio unit ML001 from the communications system 
managing server 10, the mobile unit managing server 
MDBSX2 accesses the security information of the mo- 
bile radio unit ML001 according to the ID of the mobile 
radio unit ML001 . Next, the mobile unit managing server 
MDBSX2 transmits the obtained security information for 
the mobile radio unit ML001 and the ID of the mobile 
radio unit ML001 to the communications system man- 
aging server 1 0 through the firewall FW11, VPN router 
11a, the VPN router 31 a, and the firewall FW31 (Figure 
2, notation (1 4); step S14 in Figure 3). 
[0064] The communications system managing server 
1 0 transmits the ID of the mobile radio unit ML001 and 
the security Information requestforthe mobile radio unit 
ML001 transmitted by the mobile unit managing server 
MDBSX2 further to the mobile unit managing server 
MDBSY3 through the VPN router 31a, the VPN router 
21 a, the firewall FW31 , and firewall FW21 according to 
the ID of the mobile radio unit ML001 (Figure 2, notation 
(15); step S15 in Figure 3). 

[0065] The mobile unit managing server MDBSY3 
transmits the ID of the mobile radio unit ML001 and the 
security Information request for the mobile radio unit 
ML001 transmitted by the communications system man- 
aging server 10 to the routing server RSY3 (Figure 2, 
notation (16); step S1 6 In Figure 3). The routing server 
RSY3 stores the received information by associating the 
ID of the mobile radio unit ML001 with the security in- 
formation (step S17 in Figure 3). 
[0066] By carrying out authentication process as ex- 
plained above, the security information which is equiv- 
alent to such as recorded In the original routing server 
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is set in the destination routing server. For this reason, 
the mobile radio unit MLO01 is able to perform commu- 
nication tasks in the communications area served by the 
radio base station managed by the mobile unit manag- 
ing server MOBSY3 at the same security level as when 
it was under the control of the mobile unit man aging 
server MDBSX2. 

[00871 Also, the authentication process described 
above are repeated when the mobile terminal travels to 
a communications area different from the communica- 
tions area served by the currently connected routing 
server. 

[0088] Here, in the embodiment described above, the 
authentication data and the security information are 
transmitted separately, but the security information may 
be transmitted by attaching Ittothe authentication data. 
[0069] Next, with reference to Figure 4, the process 
for receiving data of the mobile radio unit ML001 from a 
host will be explained, when the mobile radio unit ML001 
travels in an area outside the area managed by the 
home mobile unit managing server MDBSX2. 
[0070] In Figure 4, except for the bracketed portion 
that shows a process, parts that correspond to those in 
Figure 1 are referred to by the same reference numbers, 
and their explanations are omitted. A host 42 is an in- 
formation terminal that communicates within an Intranet 
connected to a global network (equivalent to the global 
network in Figure 1 ); and an IP address has been preset. 
A domain name server (DNS) 41 is provided within the 
network Z. In this example, the following explanation re- 
lates to a case of the mobile radio unit ML001 traveling 
in a communications area served by a radio base station 
of the routing server RSY3 managed by the mobile unit 
managing server MDBSY3, and receiving data from the 
host 42 of the network Z after authentication process 
has been carried out as described above. 
[0071] First, the host 42 transmits a FQDN (for exam- 
ple, m1001 .mdbsx2.provlderx shown by notation "a") of 
the mobile radio unit ML001 as the destination, a data 
transmission request and the IP address of the host 42 
to the DNS 41 (notation (1)). Upon receiving the FQDN 
of the mobile radio unit ML001 and the data transmis- 
sion request and the IP address of the host 42 transmit- 
ted by the host 42, the DNS 41 determines whether or 
not the mobile radio unit ML001 is under Its control ac- 
cording to the FQDN of the mobile radio unit ML001 . At 
this time, domain name server 41 Is not managing the 
mobile radio unit ML001 so that a response containing 
this information is transmitted to the host 42 (notation 
(2)). 

[0072] Upon receiving the response information from 
theDNS41 thatthe mobile radio unit ML001 is not under 
its control, the host 42 transmits the FQDN of the mobile 
radio unit ML001 and the data transmission request and 
the IP address of the host 42 to the communications sys- 
tem managing server 10 through the firewall FW31 (no- 
tation (3)). 

[0073] The communications system managing server 



10 temporarily holds the FQDN of the mobile radio unit 
ML001 and the data transmission request and the IP ad- 
dress of the host 42 transmitted by the host 42, and finds 
that, using the. FQDN of the mobile radio unitMLOOl as 

5 the key, the routing server that manages the mobile ra- 
dio unit at the destination is the routing server RSY3, 
and thatthe mobile unit managing server that manages 
the routing server RSY3 is the mobile unit managing 
server MDBSY3. 

to [0074] Then, the communications system managing 
server 1 0 transmits, through the firewall FW21 , the Mo- 
bile-FQDN (for example notation "b") of the mobile radio 
unit ML001 and the data transmission request to serve 
as the destination address resolution request (notations 

15 (4-1), (4-2)) to the mobile unit managing server 
MDBSY3 that manages the routing server RSY3. 
[0075] Because the mobile radio unit ML001 is under 
the control of the routing server RSY3, the mobile unit 
managing server MDBSY3 transmits the data transmis- 

20 sion request together with the Moblle-FQDN of the mo- 
bile radio unit ML001 as a traveling node information re- 
quest to the routing server RSY3 (notation (5)). 
[0076] Upon receiving the traveling node information 
request along with the FQDN of the mobile radio unit 

25 ML001 transmitted by the mobile unit managing server 
MDBSY3, since the mobile radio unit ML001 is under its 
control, the routing server RSY3 transmits to the firewall 
FW21 the Moblle-FQDN of the mobile radio unit ML001 , 
the IP address allocated to the mobile radio unit ML001 

30 by the routing server RSY3, the registration request for 
the IP address and a data reception response to indicate 
that it is able to transmit the transmission data ad- 
dressed to the mobile radio unit ML001 to the mobile 
radio unit ML001 (notation (6)). Further, the routing serv- 
es er RSY3 transmits a traveling node information re- 
sponse to the mobile unit managing server MDBSY3, 
which notifies that the traveling node information re- 
quest has been received and that the traveling node in- 
formation response has been transmitted to the firewall 

40 FW21 (notation (5-1)). Here, in a case of relocation after 
last registration, information to notify that relocation af- 
ter last registration has taken place is contained in the 
traveling node Information response as updating infor- 
mation, such that registration is renewed when the 

45 traveling node information response is transmitted to the 
mobile unit managing server MDBSY3, 
[0077] Upon receiving the Moblle-FQDN of the mobile 
radio unit ML001, the data reception response, the IP 
address allocated to the mobile radio unit ML001 by the 

5t? routing server RSY3 and the registration request for the 
IP address from the routing server RSY3, the firewall 
FW21 converts the IP address of the mobile radio unit 
ML001 to a global IP address using the NAT capability, 
and using the global IP address as the sender address, 

55 transmits the Moblle-FQDN of the mobile radio unit 
ML001, the data reception response and the address 
registration request to Reg10 -1 having the global ad- 
dress registration capability through the firewall FW31 
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(notation (7)). 

[0078] Upon receiving the global IP address of the 
mobile radio unit ML001 , the Mobile-FQDN of the mobile 
radio unit ML001, the data reception response and the 
address registration request, Reg1 0-1 transmits the Mo- 
bile-FQDN of the mobile radio unit ML001 and the data 
reception response to the communications system man- 
aging server 1 0, using the global IP address of the mo- 
bile radio unit ML001 as the sender address (notation 
(8)). Then, global IP address of the mobile radio unit 
ML001 and the FQDN are correlated and stored in the 
communications system managing server 10. 
[0079] On the other hand, after receiving the traveling 
node information response, the mobile unit managing 
server MDBSY3 transmits the Mobile-FQDN of the mo- 
bile radio unit ML001 and the destination address reso- 
lution response to the communications system manag- 
ing server 10 through the firewalls FW21 , 31 (notations 
(4-3), (4-4)). 

[0080] Upon receiving the destination address reso- 
lution response and the Mobile-FQDN of the mobile ra- 
dio unit ML001 from the mobile unit managing server 
MDBSY3, the communications system managing server 
1 0 determines whether or not there is an IP address cor- 
responding to the Mobile-FQDN of the mobile radio unit 
ML001. In this case, because the global IP address of 
the mobile radio unit ML001 is detected, the communi- 
cations system managing server 1 0 transmits the global 
IP address of the mobile radio unit ML001 as a data 
transmission response to the host 42, through the fire- 
walls FW31, the VPN router 31a, the global network 
100, the VPN router 21a, firewall FW21 (notation (9)). 
[0081] Upon receiving the data transmission re- 
sponse and the global IP address of the mobile radio 
unit ML001 , the host 42 sets the global IP address of 
the mobile radio unit ML001 as the destination. Then, 
the destination is set in the destination of the transmis- 
sion data to be transmitted to the mobile radio unit 
ML001 , and transmits the packets to the firewall FW21 
(notation (10)). 

[0082] The firewall FW21 , after converting the global 
IP address of the mobile radio unit ML001 set as the 
destination of the transmission data transmitted by the 
host 42 into a local address, transmits the transmission 
data transmitted by the host 42 to the routing server 
RSY3 (notation (11)). 

[0083] The routing server RSY3, upon receiving the 
transmission data having the IP address of the mobile 
radio unit ML001 set as the destination of the transmis- 
sion data from the firewall FW21, transmits the trans- 
mission data to the mobile radio unit ML001 (notation 
(12)). 

[0084] By following the process described above, be- 
cause the host 42 for receiving the transmission data Is 
notified of the I P address of the mobile radio unit ML001 , 
even when the mobile radio unit ML001 travels to a com- 
munications area of a routing server that is not under 
the control of the home mobile unit managing server of 



the mobile radio unit ML001 , It enables transmission of 
the transmission data from a host that had no informa- 
tion at first about travel of the mobile radio unit ML001 
into a communications area of the routing server that is 

s not under the control of the home mobile unit managing 
server of the mobile radio unit ML001 . Also, by so doing, 
it enables transmission of the transmission data to, for 
example, an information collection and storage device 
used in PCs, PDAs, telematics and the like, and to ter- 

io minals used for remote -controlled automated inspec- 
tion devices and the like. 

[0085] Next, the communications system managing 
server 1 0 will be explained with reference to the draw- 
ings. 

is [0086] Figure 5 is a schematic block diagram of the 
structure of the communications system managing serv- 
er 10. in this diagram, a receiving section 11 receives 
various transmitted requests, responses and informa- 
tion. A mobile radio unit database section13, for exam- 

20 pie, as shown in Figure 6, correlates and stores the IDs, 
the FQDNs, the Mobile- FQDNs, the IP addresses, the 
security information, home mobile unit managing server, 
current mobile unit managing server, and current routing 
server for each mobile radio unit that communicates 

& through the network connected to the global network 
100 (in this case, networks X and Y). 
[0087] A control section 12, responding to requests, 
retrieves a home mobile unit managing server, current- 
ly-affiliated mobile unit managing server, currently-affll- 

30 lated routing server, and the IP address, which are re- 
lated to the mobile radio unit, In the mobile radio unit 
database section 13, using the ID and the FQDN as 
keys, as well as updates the contents stored in the mo- 
bile radio unit database section 13 to the latest sta tus, 

35 such as a Mobile-FQDN, currently-affiliated mobile unit 
managing server, currently-affiliated routing server, and 
the IP address, for each movement of a mobile radio 
unit from one routing server to another routing server. A 
transmitting section 14 tra nsmits various requests, re- 

40 sponses, and information. 

[0088] For example, when the communications sys- 
tem managing server 10 receives the FQDN of the mo- 
bile radio unit ML001 and a data transmission request 
from the host 42 with receiving section 1 1 , since the re- 

43 celved request is a data transmission request, the con- 
trol section 12 retrieves a Mobile-FQDN corresponding 
to the FQDN of the mobile radio unit ML001 in the mobile 
radio unit database section 13, and finds that the cur- 
rently-affiliated routing server is the routing server RSY3 

so and that the mobile unit managing server controlling the 
routing server RSY3 is the mobile unit managing server 
MDBSY3. Then, the communications system managing 
server 10 transmits the Mobile-FQDN of the mobile ra- 
dio unit ML001 and the data transmission request to the 

55 mobile unit managing server MDBSY3 through the 
transmitting section 14. 

[0089] Also, when the control section 1 2 of the com- 
munications system managing server 10 receives an 
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authentication request through the receiving section 1 1 
for the mobile radio unit ML001 , it retrieves the home 
mobile unit managing server of the mobile radio unit 
ML001 in the mobile radio unit data base section 13, 
according to the ID of the mobile radio unit ML001 . 5 
[0090] Next, the mobile unit managing server 
MDBSX2 will be explained with reference to the draw- 
ings. Figure 7 is a schematic block diagram of the struc- 
ture of the mobile unit managing server MDBSX2. In this 
diagram, a receiving section 81 receives various trans- 
mitted requests, responses and information. A mobile 
radio unit database section 83, as shown in Figure 8, 
stores the IDs, the FQDNs, the current Moblle-FQDNs, 
the security information of mobile radio units that are 
affiliated with the mobile unit managing server MDBSX2 
itself as their home mobile unit managing server. A 
transmitting section B4 transmits various requests, re- 
sponses, and information. 

[0091] Next, the control section 82 will be explained. 
For example, when the mobile unit managing server 
MDBSX2 receives an authentication request for a mo- 
bile radio unit ML001 from the communications system 
managing server 10, the control section 82 confirms 
whether or not the mobile radio unit is under its control, 
using the received ID of the mobile radio unit ML001 as 
the key, In the mobile radio unit database section 83. If, 
as a result of confirmation, it is determined that the mo- 
bile radio unit MLO01 Is under its control, a Mo- 
bile-FQDN is created to show the current association by 
linking the pre-stored FQDN of the mobile radio unit 
ML001 and the FQD N of currently-affiliated routing 
server, and updates the content of the Mobile-FQDN in 
the mobile radio unit database section 83 of the mobile 
radio unit ML001 . Then, a response containing the au- 
thentication data showing that the mobile radio unit is 
one of its own and the Mobile-FQDN of the mobile radio 
unit ML001 are transmitted to the communications sys- 
tem managing server 1 0. On the other hand, If the re- 
sults of the determination shows that the mobile radio 
unit is not one of its own, a response contain ing the 
authentication data showing that the mobile radio unit is 
not one of its own and the ID of the mobile radio unit 
ML001 are transmitted. Also, when a security informa- 
tion request for the mobile radio unit ML001 is received, 
the security information for the mobile radio unit ML001 
is detected in a similar manner using the ID as the key 
in the mobile radio unit database section. In the preced- 
ing, operation of the communications system managing 
server 10 was explained concerning the mobile radio 
unit ML001 . but similar process are performed for mo- 
bile radio units that are affiliated with the mobile unit 
managing server MDBSX2 as their home mobile unit 
managing server. 

[0092] Next, the routing server RSY3 will be explained 
with reference to the drawings. Figure 9 is a schematic 
block diagram of the structure of the routing server 
RSY3. A receiving section 91 receives various requests, 
responses and information. A mobile radio unit data- 



base section 93, as shown in Figure 10, stores the IDs, 
the Mobile- FQDNs, the IP addresses, the security infor- 
mation of currently connected mobile radio units. The 
transmitting section 94 transmits various requests, re- 
sponses and information. Next, the control section 92 
will be explained. For example, when a registration re- 
quest is transmitted by the mobile radio unit ML001 , the 
control section 92 attaches an authentication request 
and a FQDN of RSY3 Itself to the ID of the mobile radio 
unit ML001 , and transmits the packet to the mobile unit 
managing server MDBSY3 that controls the routing 
server RSY3. Also, when the authentication data is 
transmitted by the mobile unit managing server 
MDBSY3, the database section 93 is updated to the re- 
ceived Mobile-FQDN of the mobile radio unit ML001 and 
the results are stored, and an IP address is allocated to 
the mobile radio unit ML001 , and a registration permis- 
sion and the IP address are transmitted to the mobile 
radio unit ML001. This is followed by transmitting the 
security information on the mobile radio unit ML001 , and 
the security information contained In the response is 
correlated to the ID, the Mobile-FQDN, the IP address 
of the mobile radio unit ML001 and is stored in the da- 
tabase section 93. Also, when the mobile radio unit 
ML001 communicates with another mobile radio unit or 
a host, ac cording to the security information In the da- 
tabase section 93, it is controlled whether communica- 
tion is allowed or not. 

[0093] Next, another embodiment of the present in- 
vention in the first viewpoint will be explained. Figure 1 1 
is a diagram of the structure of the communications sys- 
tem in this embodiment. In this diagram, parts that cor- 
respond to those in Figure 1 are given the same refer- 
ence numbers, and their explanations are omitted. 
[0094] In this diagram, reference number 51a refers 
to a VPN router connected between a network R and 
the global network 100, and 61a refers to a VPN router 
connected between a network Q and the global network 
100. 

[0095] Afirewall FW51 is provided in the network R, 
and a firewall FW61 is provided in the network Q. 
[0096] The reference number 61 refers to a domain 
name system (DNS) server, and 62 refers to a second- 
ary domain name system (DNS) server for assisting 
DNS server 61 . A routing server RSQ1 is connected to 
the firewall FW61 through a mobile unit managing serv- 
er MDBSQ1 . ML500 is a mobile radio unit currently con- 
nected to the routing server RSQ1 and is given a FQDN 
represented by m1500.mdbsx1 .providerx. 
[0097] The reference number 1 01 refers to a domain 
name system (DNS) server, and the DNS server 101 is 
connected to firewall FW51 In the network R. 
[0098] This embodiment relates to the process of the 
destination address resolution for the mobile radio unit 
ML500, after the mobile radio unit ML001 has traveled 
from the network X to the network Y and has established 
communication with the routing server RSY3, and the 
process will be explained with reference to Figures 11 
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and 12. Figure 12 is a diagram for explaining the oper- 
ational sequence of the communications system. !n this 
example, It is assumed that the mobile radio unit ML500 
has traveled to a communications area served by the 
routing server RSQ1 , and that its authentication process 
for the routing server RSQ1 has been completed. 
[0099] First, the mobile radio unit ML001 transmits a 
FQDN of the mobile radio unit ML500, for which the des- 
tination address has to be resolved, and a destination 
address resolution request and the IP address of the 
mobile radio unit ML001 to the routing server RSY3 
(step S20). 

[0100] Upon receiving the FQDN of the mobile radio 
unit ML500 and the destination address resolution re- 
quest and the IP address of the mobile radio unit ML001 , 
the routing server RSY3 transmits the FQDN of the mo- 
bile radio unit ML500 and destination address resolution 
request and the IP address of the mobile radio unit 
ML001 to the DNS 21 (step S21). 
[0101] Upon receiving the FQDN of the mobile radio 
unit ML500 and destination address resolution request 
and the IP address of the mobile radio unit ML001 from 
the routing server RSY3, the DNS 21 temporarily holds 
the FQDN of the mobile radio unit ML500 and destina- 
tion address resolution request and the IP address of 
the mobile radio unit ML001 , and determines whether 
or not the mobile radio unit ML500 is under Its control 
according to the received FQDN of the mobile radio unit 
ML500. In this case, because the mobile radio unit 
ML500 is not under its control, the DNS 21 transmits the 
temporarily-held FQDN of the mobile radio unit ML500 
and the destination address resolution request and the 
IP address of the mobile radio unit ML001 to the sec- 
ondary DNS 22 (step S22). 

[0102] Upon receiving the FQDN of the mobile radio 
unit ML500 and the destination address resolution re- 
quest and the IP address of the mobile radio unit ML001 , 
the DNS 22 temporarily holds the received FQDN of the 
mobile radio unit ML500 and destination address reso- 
lution request and the IP address of the mobile radio unit 
ML001 , and determines whether or not the mobile radio 
unit ML500 Is under Its control according to the FQDN 
of the mobile radio unit ML500. In this case, because 
the mobile radio unit ML500 is not under its control, the 
DNS 22 transmits the temporarily -held FQDN of the mo- 
bite radio unit ML500 and the destination address reso- 
lution request and the IP address of the mobile radio unit 
ML001 to the communications system managing server 
10 through the firewall FW21 , the VPN router 21a, the 
global network 100, the VPN router 31 a, and the firewall 
FW31 (step S23). 

[01 03] The communications system managing server 
10 temporarily holds the FQDN of the mobile radio unit 
ML500 and the destination address resolution re quest 
and the IP address of the mobile radio unit ML001 trans- 
mitted by the DNS 22, and finds that the routing server 
managing the traveling mobile radio unit ML500 is the 
routing server RSQ1 according to the FQDN of the mo- 



bile radio unit ML500, and finds t hat the mobile unit 
managing server managing the routing server RSQ1 Is 
the mobile unit managing server MDBSQ1 and that the 
current Mobile-FQDN is m1500.mdbsx.providerx. 

5 rsql .provlderq, for example. 

[0104] Then, the communications system managing 
server 10 transmits the detected Mobile-FQDN for the 
mobile radio unit ML500 and the destination address 
resolution request to the mobile unit managing server 

10 MDBSQ1 that manages the routing server RSQ1, 
through the firewall FW31 , the VPN router 31 a, the glo- 
bal network 100, the VPN router 61a, and the firewall 
61 (step S24). 

[0105] Upon receiving the Mobile-FQDN of the mobile 

* 5 radio unit ML500 and the destination address resolution 
request from the communications system managing 
server 10, the mobile unit managing server MDBSQ1 is 
able to detect that the mobile radio unit ML500 Is under 
the control of the routing server RSQ1 because the Mo- 

20 bile-FQDN contains "rsq1 M , so that the destination ad- 
dress resolution request is transmit ted to the routing 
server RSQ1 together with the Mobile-FQDN of the mo- 
bile radio unit ML500 as the traveling node information 
request (step S25). 

25 [0106] Upon receiving the Mobile-FQDN of the mobile 
radio unit ML500 and the traveling node information re- 
quest from the mobile unit managing server MDBSQ1 , 
and after searching the mobile radio unit database sec- 
tion, the mobile routing server RSQ1 transmits an ad- 

30 dress registration request and the Mobile-FQDN of the 
mobile radio unit ML600 and the detected IP address, 
to the firewall FW61. 

[0107] Upon receiving the address registration re- 
quest and the Mobile-FQDN of the mobile radio unit 

S5 ML500 and the detected IP address from the routing 
server RSQ1, the firewall FW61 allocates a global IP 
address to the mobile radio unit ML500 using the NAT 
capability, and designating the allocated giobai IP ad- 
dress of the mobile radio unit ML500 as the sender ad- 

40 dress, the Mobile-FQDN of the mobile radio unit ML500 
is transmitted to Reg10-1 through the VPN router 61a, 
the global network 100, the VPN router 31 a, the firewall 
FW31 , and Reg1 0-1 further transmits the packets to the 
communications system managing server 1 0. By so do- 

45 ing, the IP address of the mobile radio unit ML500 is 
made known to the communications system managing 
server 10, so that the global IP address of the mobile 
radio unit ML500 and the Mobile-FQDN are correlated 
and stored in the communications system managing 

so server 10 (step S26). 

[0108] On the other hand, the routing server RSQ1 
further transmits a traveling node Information response, 
stating that the traveling node information request has 
been received and the address registration request has 

55 been transmitted to firewall FW21, and the Mo- 
bile-FQDN of the mobile radio unit ML500 to the mobile 
unit managing server MDBSQ1 (step S27). 
[0109] Upon receiving the traveling node information 
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response and the Mobile-FQDN of the mobile radio unit 
ML500 from the routing server RSQ1, the mobile unit 
managing server MDBSQ1 transmits the traveling node 
Information response and the Mobile-FQDN of the mo- 
bile radio unit ML500 transmitted by the routing 8 erver 
RSQ1 to the communications system managing server 
1 0, through the VPN router 61a, the global network 1 00, 
the VPN router 31a, the firewall FW31 (step S28). 
[0110] Upon receiving the destination address reso- 
lution response and the Mobile-FQDN of the mobile ra- 
dio unit ML500 from the mobile unit managing server 
MDBSQ1 , the communications system managing serv- 
er 1 0 transmits the global IP address of the mobile radio 
unit ML500 to serve as the destination address resolu- 
tion response to the DNS 22, through the firewall FW31 , 
the VPN router 31a, the global network 100, the VPN 
router 21 a, and firewall 21 (step S29). 
[0111] Upon receiving the global IP address of the 
mobile radio unit ML500 as the destination address res- 
olution response from the communications system man 
aging server 1 0, the DNS 22 transmits the received glo- 
bal I P address of the mobile radio unit ML500 to the DNS 
21 as the destination address resolution response (step 
S30). 

[0112] Upon receiving the global IP address of the 
mobile radio unit ML500 as the destination address res- 
olution response from the DNS 22, the DNS 21 transmits 
the received global IP address of the mobile radio unit 
ML500 to the routing server RSY3 as the destination ad- 
dress resolution response (step S31). 
[0113] Upon receiving the global IP address of the 
mobile radio unit ML500 as the destination address res- 
olution response, the routing server RSY3 transmits the 
received global IP address of the mobile radio unit 
ML500 to the mobile radio unit ML0O1 as the destination 
address resolution response (step S32). 
[0114] By following the process described above, the 
mobile radio unit MLOOt is informed of the global IP ad- 
dress of the traveling mobile radio unit ML500. Accord- 
ingly, the mobile radio unit ML001 is able to transmit the 
transmission data and the like to the mobile radio unit 
ML500. 

[0115] Next, still another embodiment of the present 
invention in the first viewpoint will be explained. In this 
embodiment, a case relates to a mobile radio unit 
ML001 affiliated with the routing server RSY3 making a 
destination address resolution request for a mobile radio 
unit ML500 that has traveled into the same network as 
the mobile radio unit ML001, and the case will be ex- 
plained with reference to Figures 11 and 13. Figure 13 
is a diagram to explain the operational sequence of the 
communications system of still another embodiment. In 
this embodiment, It Is assumed that the mobile radio unit 
ML500 has traveled into a communications area of rout- 
ing server RSY2 and that the authentication process to 
routing server RSY2 has been completed. 
[0116] First, the mobile radio unit ML001 transmits a 
FQDN (m1500.mdbsx1.providerx, for example) of the 



mobile radio unit ML500, for which the destination ad- 
dress has to be resolved, and a destination address res- 
olution request and the IP address of the mobile radio 
unit ML001 to the routing server RSY3 (step S40), After 

s the step S40, similar to the steps S21-S23 described in 
Figure 1 2, the FQDN of the mobile radio unit ML500, the 
destination address resolution request and the IP ad- 
dress of the mobile radio unit ML001 are transmitted to 
the communications system managing server 10 (steps 

10 S41.S42.S43) 

[0117] Upon receiving and temporarily holding the 
FQDN of the mobile radio unit ML500, destination ad- 
dress resolution request and the IP address of the mo- 
bile radio unit ML001 transmitted by the DNS 22, the 

15 communications system managing server 10 searches 
the mobile radio unit database section, using the FQDN 
of the mobile radio unit ML500 as the key, finds that the 
routing server managing the traveling mobile radio unit 
ML500 is a routing server RSY2, and finds that the mo- 

20 bile unit managing server that controls the routing server 
RSY2 Is a mobile unit managing server MDBSY2 and 
that the Mobile-FQDN to show the current association 
is m1500.mdbsx1.provlderx.rsy2.providery, for exam- 
ple. 

25 [0118] Then, the communications system managing 
server 10 transmits the detected Mobile-FQDN of the 
mobile radio unit ML500 and the destination address 
resolution request to the mobile unit managing server 
MDBSY2 that manages the routing server RSY2 (step 

30 S44). 

[0119] After the step S44, similar to the steps S25 
-S28 in Figure 12, the destination address resolution re- 
quest as the traveling node Information request, togeth- 
erwith the Mobile-FQDN of the mobile radio unit ML500, 

35 is transmitt ed from the mobile unit managing server 
MDBSY2 to the routing server RSY2 (step S45), and the 
registration request of an IP address allocated by the 
routing server RSY2 and the Mobile-FQDN of the mobile 
radio unit ML500 are transmitted from routing server 

40 RSY2 using the allocated IP address as the sender ad- 
dress to the communications system managing server 
10 (the IP address of the mobile radio unit ML500 has 
been converted to the global IP address by the firewall 
FW21) (step S46), and the traveling node information 

*5 response and the Mobile-FQDN of the mobile radio unit 
ML500 are transmitted from the routing server RSY2 to 
the mobile unit managing server MDBSY2 (step S47). 
[0120] Upon receiving the destination address reso- 
lution response and the Mobile-FQDN of the mobile ra- 

50 dio unit ML500 from the mobile unit managing server 
MDBSY2 (step S48), similar to steps S29-S32, the com- 
munications system managing server 10 transmits the 
global IP address of the mobile radio unit ML500 to 
serve as the destination address resolution response to 

55 the mobile radio unit ML001 , through the DNS 22, the 
DNS 21 , and the routing server RSY3 (step S49, S50, 
S51,S52). 

[0121 ] Accordingly, even when a host as a target of a 
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destination address resolution is connected to the same 
network as the requesting mobile radio unit, an IP ad- 
dress of a routing server connected to the host is deliv- 
ered to the mobile radio unit requesting destination ad- 
dress resolution. 

[0122] Next, another embodiment of the present in- 
vention in the first viewpoint will be explained. In this 
embodiment, a case relates to the destination address 
resolution process for a host connected to a general In- 
tranet, and will be explained with reference to Figure 14. 
Figure 14 is a diagram to explain the operational se- 
quence of the communications system this embodi- 
ment In this embodiment, it is assumed that the host is 
connected to a DNS server 101. 
[0123] First, similarto the steps S20-S23 in Figure 12, 
the mobile radio unit ML001 transmits the FQDN of the 
host which is the target of the destinati on address res- 
olution and a destination address resolution request and 
an IP address of the mobile radio unit ML001 to the com- 
munications system managing server 10, through the 
routing server RSY3, the DNS 21, and the DNS 22 
(steps S60, S61,S62, S63). 

[0124] Upon receiving a domain name which is the 
destination address resolution target and the destina- 
tion address resolution request and the IP address of 
the mobile radio unit ML001 , the communications sys- 
tem managing server 1 0 temporarily holds the FQDN of 
the destination address resolution target and the desti- 
nation address resolution request and the IP address of 
the mobile radio unit ML001 , and finds that the host is 
affiliated with the DNS server 101 according to the 
FQDN of the destination address resolutio n target, and 
transmits the FQDN of the destination address resolu- 
tion target and the destination address resolution re- 
quest to the DNS server 1 01 (step S64). 
[0125] Upon receiving the FQDN of the host and the 
destination address resolution request, the DNS server 
1 01 transmits the IP address of the host to serve as the 
destination address resolution response to the commu- 
nications system managing server 10 through a firewall 
FW51 (step S65). By so doing, the global IP address of 
the host as the target for the destination address reso- 
lution is made known to the communications system 
managing server 10. 

[0126] Then, when the association of the host as the 
target for the destination address resolution is notified 
to the communications system managing sewer 10, 
similar t o the steps S29-S32, the global IP address of 
the host as destination address resolution response is 
transmitted from the communications system managing 
server 10 to the mobile radio unit ML001, through the 
DNS 22, the DNS 21, and the routing server RSY3 
(steps S66, S67, S68, S69). 

[0127] According to the embodiment explained 
above, the destination address resolution process is' 
carried out in a host connected to a general Intranet by 
following the process described above. 
[0128] Next, still another embodiment of the present 



invention in the first viewpoint will be explained. In this 
embodiment, a case relates to a host connected to a 
general Intranet making a destination address resolu- 
tion request for a mobile radio unit ML001 connected to 
5 the routing server RSY3 will be explained with reference 
to Figure 15. Figure 15 is a diagram to explain the op- 
erational sequence of this embodiment. In this example, 
it is assumed that the host is connected to the DNS serv- 
er101. 

10 [0129] First, upon receiving a FQDN of the mobile ra- 
dio unit ML001 as the target for the destination address 
resolution and a destination address resolution request 
and an IP address of the original requester, the DNS 
server 101 transmits the FQDN of the mobile radio unit 

1$ ML001 and the received destination address resolution 
request and the IP address of the original requester to 
the communications system managing server 10 (step 

570) . 

[0130] After the FQDN of the mobile radio unit ML001 
20 and the destination address resolution request and the 
IP address of the requester are transmitted to the com- 
munications system managing server 10, similarto the 
steps S24-S26, the communications system managing 
server 1 0 temporarily holds the FQDN of the mobile ra- 
2$ dio unit ML001 and the destination address resolution 
request and the IP address of the requester, and finds 
that the host is affiliated with the routing server RSY3 
according to the FQDN of the mobile radio unit ML001 , 
so that the FQDN of the mobile radio unit ML001 and 
30 the destination address resolution request are transmit- 
ted to the mobile unit managing server MDBSY3 (step 

571) . Then, the FQDN of the mobile radio unit ML001 
and the traveling node information request are transmit- 
ted from the mobile unit managing server MDBSY3 to 

55 the routing server RSY3 (step S72). The IP addre ss 
and the Mobile-FQDN of the mobile radio unit MLOOt 
and an address registration request are transmitted 
from the routing server RSY3 to the communications 
system managing server 10 (step S73). 

40 [0131] Then, a traveling node information response 
and the Mobile-FQDN of the mobile radio unit ML001 
are transmitted from the routing server RSY3 to the mo- 
bile unit managing server MDBSY3 (step S74), and a 
global IP address of the mobile radio unit ML001 to 

4$ serve as the destination address resolution response 
are transmitted from the mobile unit managing server 
MDBSY3 to the DNS server 101 through the communi- 
cations system managing server 1 0 (steps S75 and 76). 
[0132] Accordingly, the destination address resolu- 

so tlon process Is carried out from a network such as a com- 
mon Intranet to a mobile radio unit. 
[0133] Here, in the embodiments described above, 
the mobile unit managing server and the routing server 
are described as separate entities, however the routing 

55 server may have a capability as a mobile unit managing 
server to be provided a single unit. Also, the radio base 
station and the routing server may be combined into a 
single unit. 
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[01 34] Also, the functions of the communications sys- 
tem managing server shown in Figure 1 may be per- 
formed by recording application programs for perform- 
ing the processes, and loading the programs in a com- 
puter system to manage FQDNs of mobile radio units. 
The computer system, in this context, includes any op- 
erating systems (OS) and peripheral hardware. 
[0135] Also, the computer system may also Include 
the use of wo rid wide webs and home page portals. 
[0136] Also, computer readable recording media In- 
clude portable media such as floppy disks, opto-mag- 
netic disks, ROMs, CD-ROMs, as well as fixed devices 
such as hard disks housed in computer systems. The 
computer readable recording media further include 
short-term dynamic memories (transmission media In- 
clusive of wave signals) used in transmitting applica- 
tions through such means as networks such as the In- 
ternet or telephone circuits, as well as other short-term 
memories such as volatile memories used in servers 
and client computer systems. The application programs 
may perform a part of the described capabilities, or may 
be operated in conjunction with pre-recorded programs 
stored in computer systems. 

[0137] The embodiments in the present Invention 
have been described above in detail with reference to 
the drawings* but the specific structures are not limited 
to those disclosed in the embodiments, and include any 
designs within the scope of the present Invention. 
[0138J ' n the following, an embodiment of the routing 
server in the present invention In the second viewpoint 
will be explained with reference to the drawings. 
[0139] Figure 16 is a schematic block diagram of a 
radio communications system based on a routing server 
in the embodiment. 

[0140] l n this diagram, a network A is connected to 
the global network 1 00 through a firewall FW 1 1 A having 
a NAT (network address translation) capability and a 
VPN router 111 having a VPN (virtual private network) 
capability. 

[0141] A mobile unit managing server MDBSA1 man- 
ages the IDs and the IP addresses of routing servers 
RSA1 -RSA2 and radio base stations (not shown) under 
its control, and manages also the ID, the Mobile-FQDN, 
the PGDN, and the security information of a mobile radio 
unit ML001 associated therewith as a home mobile unit 
managing server. A mobile unit managing server 
MDBSA2 manages the IDs and the IP addresses of a 
routing server RSA3 and radio base stations (not 
shown) under Its control, and manages also the ID, the 
Mobile-FQDN. the FQDN, and the security information 
of mobile radio units associated therewith as its home 
mobile unit managing server. 

[0142] RSA1, RSA2, and RSA3 are routing servers, 
and each is in contact with at least one radio base station 
to provide routing of IP packets. Furthermore, these rout 
ing servers RSA1 , RSA2 and RSA3 store security infor- 
mation of mobile radio units currently connected to each 
serve r by obtaining the security information from the re- 



spective home mobile unit managing servers, and con- 
trols whether or not to permit communica tion of these 
mobile radio units with Information communications de- 
vice s at respective destinations based on the contents 
s of the security information. In this example, the routing 
servers RSA1 and RSA2 are under the control of the 
mobile unit managing server MDBSA1 and the routing 
server RSA3 Is under the control of the mobile unit man- 
aging server MDBSA2. Domain name servers 11 A and 
10 12A convert domain names to the IP addresses. 

[0143] The mobile radio unit ML001 is connected to 
an Information terminal HostX such as a computer or a 
PDA and is connected to the routing server RSA3 
through the radio base station. Also, this mobiie radio 
is unit ML001 Is provided with a preset identifier (the ID). 
In this example, it is assumed that the mobile unit man- 
aging server MDBSA1 is a home mobile unit managing 
server for the mobile radio unit ML001 , 
[0144] An information communications device Host A 
20 has capabilities for HTTP (hypertext transfer protocol), 
Telnet, and FTP (file transfer protocol), and is connected 
to a network 101 which is connected to the global net- 
work 100. The network 101 is utilized by a firm A. 
[0145] An Information communications device HostB 
25 has HTTP capability and is connected to a network 200 
which is connected to the global network 1 00. This net- 
work 200 is utilized by a firm B. Information communi- 
cations devices HostP and HostQ have HTTP capabili- 
ties and are disposed within a communication region X 
30 that allows access to the global network 1 00. 

[0146] The global network 100 Is, for example, a net- 
work such as the Internet. 

[01 47] Next, the structure of the routing server RS A3 
in Figure 16 will be explained with reference to Figure 
35 1 7. Figure 1 7 Is a schematic block diagram of the struc- 
ture of the routing server RSA3. In this diagram, a se- 
curity Information storage section 213 stores the secu- 
rity information to determine whether or not to permit the 
mobile radio units under its control (the mobile radio unit 
40 ML001, for example) to communicate with destination 
communications devices or Information communica- 
tions devices which are connected to the network A or 
the global network 100. The "destination communica- 
tions device" In this case refers to a device at a destina- 
^5 tion that enables transmission and reception of data to 
and from the mobile radio unit through a routing server, 
and relates, for example, to a server or a portable ter- 
minal. 

[0148] An example of the security information stored 
so jn the security information storage section 213 is shown 
in Figure 18. As shown In the diagram, the security In- 
formation contains the IDs and the host names of the 
mobile radio units to identify them (MRID and MRHN in 
Figure 18); the host names of the information commu- 
55 nlcatlons devices to Identity these destination devices 
(CDHN in Figure 1 8); protocols for connecting to the in- 
formation communications devices; an access type in- 
formation for determining the type of communication 
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services and communication capabilities (AT in Figure 
18); an access managing Information to determine 
whether or not to permit the mobile radio units and the 
information communications devices to be connected 
(AMI in Figure 1 8) which are related to each other. s 
[01 49] Here, the access type is given, for example, by 
"http M to specify the use of HTTP for communication; 
"ftp" to specify the use of FTP forcommunicatfon, "ALL" 
to specify ail types of accessing; "PUSH" to specify data 
transmission according to PUSH protocol; The access 
managing information includes "OK" to permit connec- 
tion between the mobile radio unit and the information 
communications device and "NG" to deny connection 
between the mobile radio unit and the Information com- 
munications device. 

[01 50] The information communications device refers 
to a device as a communications partner capable of 
transmitting or receiving data through a routing server, 
and refers to a server or a portable terminal, for exam- 
ple. 

[0151] Here, in Figure 18, the security information Is 
shown only for a mobile radio unit having a host name 
ML001, but the security Information storage section of 
a routing server stores the security information on all the 
mobile radio units that are under the control of the rout- 
ing server. 

[01 52] When it is necessary to establish communica- 
tion between a mobile radio unit and an information 
communications device, a communication control sec- 
tion 212 controls whether or not to establish communi- 
cation between the mobile radio unit and the information 
communications device, based on the security informa- 
tion stored in the security information storage section 
213. 

[0153] A receiving section 211 receives various data 
transmitted from external devices. 
[0154] A transmitting section 214 transmits various 
data to external devices. 

[0155] Next, the mobile unit managing server 
MDBSA1 shown in Figure 16 will be explained with ref- 
erence to the diagrams. Figure 19 is a schematic block 
diagram of the structure of the mobile unit managing 
server MDBSA1 . In this diagram, the security Informa- 
tion transmitting control section 222 is operated when 
the mobile radio unit ML001 travels and attempts to con- 
nect to a different routing server for connection. In re- 
sponse to a security information request transmitted 
from the connected routing server, the security informa- 
tion transmitting control section 222 accesses the secu- 
rity information on the mobile radio unit ML001 stored 
in a security information storage section 223, and the 
obtained security information Is transmitted to the rout- 
ing server which is to be connected to the mobile radio 
unitMLOOL 

[0156] Also, when the mobile unit managing server 
MDBSA1 receives an authentication request forthe mo- 
bile radio unit ML001 , tor example, from a communi cat- 
ions system managing server (not shown), the security 



information transmitting control section 222 determines 
whether or not the mobile radio unit ML001 is under its 
control. If the results indicate that the mobile radio unit 
ML0Q1 Is under its control, a Moblle-FQDN Is created to 
show the current association by linking the FQDN of the 
mobile radio unit ML001 and the FQDN of currently-af- 
filiated routing server, and the result is stored in a spe- 
cific memory location. Furthermore, the authentication 
data t o show that the mobile radio unit ML001 is under 
its control and the Mobile-FQDN and the ID of the mobile 
radio unit ML001 are transmitted to the communications 
system managing server. Also, if the result shows that 
the mobile radio unit is not under its control, the authen- 
tication data to show that the mobile radio unit is not 
under its control and the ID of the mobile radio unit 
ML001 are returned. Accordingly, the Mobile-FQDN en- 
ables communication with a host connected to the glo- 
bal network 1 00 even when the mobile radio unit is con- 
nected to a routing server connected to a mobile unit 
managing server that is not its home mobile unit man- 
aging server. 

[0157] The security information storage section 223 
stores the security Information to show whether or not 
to permit communication between a mobile radio unit 
and an information communications device at a desti- 
nation for each mobile radio unit that has the mobile unit 
managing server MDBSA1 as its home server. 
[0158] An example of the security information stored 
in the security information storage section 223 is shown 
in Figure 20. As shown in this diagram, the security in- 
formation correlates and stores the IDs of the mobile ra- 
dio units (MRID) and the host names whose mobile unit 
managing server is the mobile unit managing server 
MDBSA1 (MRHN) and the host names for identifying in- 
formation communications device at the destination 
(CDHN) and the access type (AT) and access managing 
information (AMI). 

[0159] Here, In Figure 20, the security Information for 
mobile radio units ML001-ML004 that are controlled by 
the mobile unit managing server MDBSA1 as Its home 
mobile unit managing server. A receiving section 221 
receives various data transmitted from external devices. 
A transmitting section 224 transmits various data to ex- 
ternal devices. 

[0160] Next, the operation of the routing server shown 
in Figure 1 6 will be explained with reference to the draw- 
ings. In this example, communication Is started after the 
security information forthe mobile radio unit ML001 has 
been clarified. Figure 21 is a flowchart to explain the op- 
eration of the routing server in this embodiment 
[0161] First, when the mobile radio unit ML001 is pow- 
ered, the mobile radio unit ML001 notifies the routing 
server RSA3 located within the communicable range by 
transmitting its ID and a registration request. The re- 
quest prompts the mobile radio unit ML001 and the rout- 
ing server RSA3 and the mobile unit managing server 
MDBSA2 that controls the routing server RSA3 and the 
mobile unit managing server MDBSA1 which is the 
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home mobile unit managing server for the mobile radio 
unit ML001 to take part in the registration authentication 
process of the mobile radio unit ML001 (step S201) so 
that the mobile radio unit ML001 is able to communicate 
inside the communications area controlled by the rout- 5 
ing server RSA3. The registration authentication proc- 
ess enables the routing server RSA3 to remember that 
the mobile radio unit ML001 is under its control, and the 
mobile unit managing server MDBSA2 to remember that 
the mobile radio unit ML001 is being controlled by the 
routing server RSA3 which is under the control of the 
mobile unit managing server MDBSA2. 
[01 62] Next, when the registration authentication 
process is completed, the routing server RSA3 trans- 
mits the ID of the mobile radio unit ML001 and a security 
information request of the mobile radio unit ML001, 
which are transmitted by the mobile radio unit ML001 
during the registration authentication process, to the 
mobile unit managing server MDBSA2 (step S202). The 
mobile unit managing server MDBSA2 transmits the ID 
of the mobile radio unit ML001 and the security informa- 
tion request of the mobile radio unit ML001 transmitted 
by the routing server RSA3 further to the mobile unit 
managing server MDBSA1 (step S203). 
[0163] Upon receiving the ID of the mobile radio unit 
ML001 and the security information of the mobile radio 
unit ML001 from the mobile unit managing server 
MDBSA2 through the receiving section 221 , the mobile 
unit managing server MDBSA1 reads the security infor- 
mation for the mobile radio unit ML001 from the security 
information storage section 223 using the security Infor- 
mation transmitting control section 222 according to the 
ID of the mobile radio unit ML001 (step S204), and at- 
taches the ID of the mobile radio unit ML001 to the se- 
curity information of the mobile radio unit ML001 to 
specify the destination and transmits these to the mobile 
unit managing server MDBSA2 (step S205). The mobile 
unit managing server MDBSA2 transmits the ID of the 
mobile radio unit ML001 and the security information for 
the mobile radio unit ML001 transmitted by the mobile 
unit managing server MDBSA1 to the routing server 
RSA3 (step S206). 

[0164] Upon receiving the ID of the mobile radio unit 
ML001 and the security information for the mobile radio 
unit ML001 through the receiving section 211 , the com- 
munication control section 212 of the routing server 
RSA3 stores the received security Information in the se- 
curity information storage section 213 (step S 207). Ac- 
cordingly, the routing server RSA3 Is able to set the se- 
curity information for the mobile radio unit ML001 by re- 
ceiving and storing the security information transmitted 
from the mobile unit managing server MDBSA1 which 
is the home mobile unit managing server for the mobile 
radio unit ML001. 

[0165] Next, after the security information has been 
entered in the routing server RSA3, a case will be con- 
sidered of transmitting the transmission data using the 
PUSH protocol from the information communications 



device HostP located within the communication region 
X. 

[0166] The information communications device 
HostP specifies a host name of the mobile radio unit 
ML001 and transmits a data transmission request, 
through the global network 100, the VPN router 11 1 , the 
firewall FW11 A, and the DNS server 11 A, to the mobile 
unit managing server MDBSA1 which is the home mo- 
bile unit managing server for the mobile radio unit 
ML001 (step S208). The mobile unit managing server 
MDBSA1 is aware that the mobile radio unit ML001 is 
under the control of the routing server RSA3 because 
of the registration authentication process in step S201 . 
Therefore, the mobile unit managing server MDBSA1 
carries out destination address resolution process (step 
S209), and by so doing, the address of the mobile radio 
unit ML001 is notified to the Information communica- 
tions device HostP so as to enable data to be transmit- 
ted from the information communications device HostP 
to the mobile radio unit ML001 , through the mobile unit 
managing server MDBSA1 and the mobile unit manag- 
ing server MDBSA2 and the routing server RSA3. 
[0167] When the address of the mobile radio unit 
ML001 Is notified from the mobile unit managing server 
MDBSA1 , the information communications device 
HostP enters the received destination and the host 
name M HostP" to show the original sender and the host 
name of the mobile radio unit ML001 and the access 
type of "PUSH" in the transmission data (step S210), 
and transmits this transmission data. The transmission 
data transmitted from the Information communications 
device HostP is transmitted to the routing server RSA3, 
based on the destination Information, through the mo- 
bile unit managing server MDBSA2, together with the 
host name of the mobile radio unit ML001 and the orig- 
inal sender address "HostP" and the "PUSH" type of ac- 
cess (steps S211 , S212). 

[0168] Upon receiving the transmission data contain- 
ing the host name of the mobile radio unit ML001 and 
the original sender address "HostP" and the "PUSH" 
type access from the Information communications de- 
vice HostP through the receiving section 21 1 , the com- 
munication control section 212 of t he routing server 
RSA3 determines whether it is permitted to transmit 
PUSH data to the mobile radio unit ML001 according to 
the received host name of the mobile radio unit ML001 
and the original sender address "HostP" and the 
"PUSH" type access (step S213). In this case, transmit- 
ting of PUSH data from the information communications 
device HostP is permitted in the security information for 
the mobile radio unit ML001 , so that the routing server 
RSA3 transmits the transmission data together with the 
Information on the original sender address "HostP" to 
the mobile radio unit ML001 (step S214). 
[0169] Next, a case will be explained of transmitting 
the transmission data from the mobile radio unit ML001 
after the security Information has been set In the routing 
server RSA3 with reference to Figure 1 6. Setting of the 
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security Information Is carried out In a manner similar to 
the process described above based on the security In- 
formation, after the registration authentication process 
is completed, and the security Information Is established 
among the routing server RSA3, the mobile unit man- 
aging server MDBSA2, and the mobile unit managing 
server MDBSA1 (notations (1), (2), (3), (4)). 
[0170] Next, a case will be considered of transmitting 
the transmission data from the mobile radio unit ML001 
to the information communications device HostP in 
which the destination is set as "HostA", the original 
sender address is set as "ML001 and the access type 
is specified as "http". The communication control sec- 
tion 212 of the routing server RSA3 determines whether 
or not it is possible to send the transmission data. That 
is, the communication control section 212 determines 
whether or not communication is possible from the orig- 
inal sender address M ML001 " to the destination "HostA" 
according to the access type "http" based on the security 
information stored in the security information storage 
section 213. in this case, the access managing Informa- 
tion is "OK" so that the communication is permitted, so 
that the transmission data is transmitted fro m the mobile 
radio unit ML001 to the information communications de- 
vice HostA (notation (5 -1)). 

[0171] On the other hand, a case will be considered 
of transmitting the transmission data from the mobile ra- 
dio unit ML001 to the information communications de- 
vice Ho stA in which the destination Is set as "HostA", 
original sender address is set as "ML001", and the ac- 
cess type is specified as "telnet". The communication 
control section 21 2 determines whether or not the trans- 
mission data is possible to be sent from the original 
sender address "MLOOr to the destination "HostA" ac- 
cording to the access type "telnet" based on the security 
information stored in the security information storage 
section 213. In this example, the access managing in- 
formation is "NG" (not good) so that the communication 
is not permitted, so that the transmission data is not 
transmitted from the mobile radio unit ML001 to the in- 
formation communications device HostA, and is dis- 
carded (notation (5 -2)). Also, It Is notified from the rout- 
ing server RSA3 to the mobile radio unit ML001 that the 
communication is not permitted. 
[0172] Also, a case will be considered of transmitting 
the transmission data from the mobile radio unit ML001 
to the Information communications device HostA in 
which the destination is set as "HostA", the original 
sender address is set as "MLOOr, and the access type 
is specified as "ftp". The communication control section 
21 2 determines whether or not the transmission data of 
the access type 'ftp" from the original sender address 
n ML001" to the destination "HostA" is possible, based 
on the security information stored In the security infor- 
mation storage section 21 3. In this example, the access 
managing information Is "OK" so that the communica- 
tion is permitted, so that the transmission data Is trans- 
mitted from the mobile radio unit ML001 to the informa- 



tion communications device HostA (notation (5 -3)). 
[0173] Next, a case will be considered of transmitting 
the transmission data from the mobile radio unit ML001 
to the information communications device HostB in 

5 which the original sender address is set as "ML001", 
the destination is set as "HostB", and the access type is 
specified as "http". The communication control section 
212 of the routing server RSA3 determines whether or 
not the transmission of data is possible. That is, the com- 

io munlcation control section 212 determines whether or 
not the communication is possible from the original 
sender address "ML001 " to the destination "HostB" ac- 
cording to the access type "http" based on the security 
information stored in the security information storage 

19 section 213. In this example, the access managing in- 
formation is "NG" (not good) so that the communication 
Is not permitted, so that the transmission data is not 
transmitted from the mobile radio unit ML001 to t he In- 
formation communications device HostB, and is dls- 

20 carded (notation (6)). It is notified from the routing server 
RSA3 to the mobile radio unit ML001 that the commu- 
nication is not permitted. 

[0174] Next, a case will be considered of transmitting 
the transmission data from the mobile radio unit ML001 

25 to the information communications device HostP and 
the information communications device HostQ in which 
the original sender address is set as "ML001", the des- 
tination Is set as "HostP" and "HostQ" , and the access 
type is specified as "http". The communication control 

30 section 212 of the routing server RSA3 determines 
whether or not the transmission of data is possible. That 
is, the communication control section 212 determines 
whether or not the communication Is possible from the 
original sender address "ML001" to the destination 

55 "HostP" and "HostQ" according to the access type "ht- 
tp", based on the security information stored in the se- 
curity Information storage section 213. In this example, 
the access managing information is "OK" so that the 
communication is permitted, so that the transmission 

40 data is transmitted from the mobile radio unit ML001 to 
the information communications device HostP and 
HostQ (notation (7)). 

[0175] Here, in the mobile unit managing server ex- 
plained above, when transmitting the security informa- 

45 tion to a routing server to set the security level, it may 
be arranged so that the access type is converted to port 
numbers to be transmitted to the routing server. By so 
doing, it is possible to combine it with other communi- 
cation services. 

50 [0176] Next, another embodiment of the present in- 
vention in the second viewpoint will be explained with 
reference to the drawings. Figure 22 is a schematic di- 
agram of the structure of the communications system, 
in this diagram, those parts that correspond to those in 

55 Figure 16 are given the same reference numbers, and 
their explanations are omitted. 
[0177] In Flgure22, a network 700 is connected to the 
global network 100 through a VPN router 222Y and the 
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firewall FW21Y. The network 700 is managed and op- 
erated by a provider Y and has a mobile unit managing 
server MDBSY1 that controls a routing server RSY1 ; a 
mobile unft managing server MDBSY2 that controls 
routing server RSY2; a mobile unit managing server 
MDBSY3that controls routing server RSY3; and domain 
name servers (DNS) 21 Y, 22Y 
[01 78] Also, a network 800 is connected to the global 
network 100 through a VPN router 333 and a firewall 
FW31Z. This network 800 is provided with the commu- 
nications system managing server 31 Z for managing the 
traveling mobile radio unit ML001 between the network 
A and the network 700. When the mobile radio unit trav- 
els to another area such that the routing server Is 
changed, the communications system managing server 
31Z stores a new Mobile-FQDN and IP address. This 
new FQDN contains information showing current asso- 
ciation of the routing server. 

[0179] Next, the operation of the communications 
system shown in Figure 22 wilt be explained. In this 
case, the operatfon of setting the security information 
for the mobile radio unit ML001 that travels between the 
communications areas of routing servers will be ex- 
plained with reference to the drawings. Figure 23 is a 
flowchart to explain the process of setting the security 
information when the mobile radio unit ML001 travels 
from a communications area controlled by the routing 
server RSA3 to a communication are a controlled by the 
routing server RSA2. 

[0180] First, after relocating from a communications 
area of the radio base station controlled by the routing 
server RSA3 to a commun ications area of the radio base 
station controlled by the routing server RSA2, the mobile 
radio unit ML001 transmits the ID of the mobile radio 
unit ML001 and a registration request to the routing 
server RSA2 through the radio base station (step S221 ). 
[01 81] The routing server RSA2 temporarily holds the 
ID of the mobile radio unit ML001 and the registration 
request transmitted by the mobile radio unit ML001 , and 
transmits the ID of the mobile radio unit ML001 and the 
registration request and the IP address of the routing 
server RSA2 to the mobile unit managing server 
MDBSA2 (step S222). 

[0182] The mobile unit managing server MDBSA2 
temporarily holds the ID of the mobile radio unit ML001 
and the registration request and the IP address of the 
routing server RSA2 transmitted by the routing server 
RSA2, and determines whether or not the mobile radio 
unit is under its control according to the ID of the mobile 
radio unit ML001 . In this case, the mobile unit managing 
server MDBSA2 is not managing the mobile radio unit 
ML001 so that, according to the Information ca ched 
when the mobile radio unit ML001 traveled to the routing 
server RSA3, the mobile unit managing server MDBSA2 
transmits the ID of the mobile radio unit ML001 and the 
registration request and the IP address of the routing 
server RSA2 to the mobile unit managing server 
MDBSA1 (stepS223). 



[0183] Upon receiving the ID of the mobile radio unit 
ML001 and the registration request and the IP address 
of the routing server RSA2 from the mobile unit manag- 
ing server MDBSA2, the mobile unit managing server 

5 MDBSA1 stores a piece of information in a memory de- 
vice that the mobile radio unit ML001 has traveled to an 
area under the control of the mobile unit managing serv- 
er MDBSA2, and retrieves the home mobile unit man- 
aging server of the mobile radio unit ML001 according 

io to the ID of the mobile radio unit ML001 . In this case, it 
is determined that the mobile radio unit MLQ01 is under 
its control. Then, the mobile unit managing server 
MDBSA1 transmits the ID of the mobile radio unit ML001 
and the authentication data to the mobile unit managing 

15 server MDBSA2 (step S224). 

[0184] The mobile unit managing server MDBSA2 
stores the ID of the mobile radio unit ML001 and the au- 
thentication data transmitted by the mobile unit manag- 
ing server MDBSA1 in a memory device, and based on 

20 the temporarily-held IP address of the routing server 
RSA2, transmits the ID of the mobile radio unit ML001 
and the authentication data transmitted by the mobile 
unit managing server MDBSA1 to the routing server 
RSA2 (step S225). 

25 [0185] The routing server RSA2 correlates and stores 
the ID of the mobile radio unit ML001 and the authenti- 
cation data transmitted by the mobile unit managing 
server MDBSA2, and transmits a registration permis- 
sion (or refusal) to serve as Information for accepting or 

30 refusing the registration of the mobile radio unit ML001 
to the mobile radio unit ML001 , through the radio base 
station according to the ID of the mobile radio unit 
ML001 (step S226). The mobile radio unit ML001 stores 
the registration permission transmitted by the routing 

35 server RSA2. Here, the process explained in steps 
S221-S226 corresponds to the registration authentica- 
tion process in Figure 21 . 

[0186] Next, when the registration authentication 
process is completed, the routing server RSA2 trans- 

^0 mits the ID of the mobile radio unit ML001 and asecurity 
Information request to the mobile unit managing server 
MDBSA2. Subsequently, the steps S227, S228, S229, 
S230, S231 , and S232 are carried out in a manner sim- 
ilar to the steps S202-S207 In Figure 21 , and the security 

45 Information of the mobile radio unit ML001 is entered in 
the routing server RSA2. 

[0187] Accordingly, even when the mobile radio unit 
ML001 travels In different areas controlled by routing 
servers, the security information can be similarly set in 

so each routing server. 

[0188] Next, still another embodiment of the present 
invention in the second viewpoint will be explained. In 
this example, the process of setting the security infor- 
mation when a mobile radio unit ML001 travels from a 

55 communications area controlled by a routing server 
RSA2 to a communications area controlled by a routing 
server RS A4 will be explained with reference to the flow- 
chart in Figure 24. 
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[0189] First, when the mobile radio unit ML001 
traveled from a communications area of the radio base 
station controlled by the routing server RSA2 to a com- 
munications area of the radio base station controlled by 
the routing server RSA4, the mobile radio unit ML001 
transmits the ID of the mobile radio unit ML001 and a 
registration request to the routing server RSA4 which is 
the routing server at the destination (step S241). The 
routing server RSA4 temporarily holds the ID of the mo- 
bile radio unit ML001 and the registration request trans- 
mitted by the mobile radio unit ML001 , and transmits the 
ID of the mobile ra dio unit ML001 and the registration 
request and the IP address of the routing server RSA4 
to a mobile unit managing server MDBSA3 (step S242). 
The mobile unit managing server MDBS A3 temporarily 
holds the ID of the mobile radio unit ML001 and the reg- 
istrar on request and the IP address of the routing server 
RSA4 transmitted by the routing server RSA4, and de- 
termines whether or not the routing server is under Its 
control according to the ID of the mobile radio unit 
ML001. 

[0190] lii this case, the mobile unit managing server 
MDBSA3 is not controlling the mobile radio unit ML001 , 
so that the ID of the mobile radio unit ML001 and a des- 
tination address resolution request and the IP address 
of mobile unit managing server MDBSA3 are transmit- 
ted to the domain name server DNS11A(step S243). 
The domain name server DNS11 A determines whether 
or not the routing server Is under Its own control accord- 
ing to the ID of the mobile radio unit ML001 . 
[0191] In this case, the domain name server DNS11 A 
is managing the mobile radio unit ML001, so that it is 
detected according to the ID of the mobile radio unit 
ML001 that the home mobile unit managing server of 
the mobile radio unit ML001 Is the mobile unit managing 
server MDBSA1 , and the I P of the mobile unit managing 
server MDBSA1 Is transmitted to the mobile unit man- 
aging server MDBSA3 as the destination address reso- 
lution response (step S244). Upon receiving the desti- 
nation address resolution response, the mobile unit 
managing server MDBS A3 transmits the ID of the mo- 
bile radio unit ML001 and an authentication request and 
the IP address of the mobile unit managing server 
MDBS A3 to the mobile unit managing server MDBSA1 
(step S246). The mobile unit managing server MDBSA1 
temporarily holds the ID of the mobile radio unit ML001 
and the authentication request and the I P address of the 
mobile unit managing server MDBSA3 transmitted by 
the mobile unit managing server MDBSA3. Then, the 
mobile unit managing server MDBSA1 finds that the mo- 
bile radio unit ML001 is under Its control according to 
the ID of the mobile radio unit ML001 , and the authen- 
tication data to notify that the mobile radio unit ML001 
has been authenticated and the ID of the mobile radio 
unit ML001 are transmitted to the mobile unit managing 
server MDBS A3 (step S246). 
[0192] The mobile unit managing server MDBS A3 
temporarily stores, and transmits the authentication da- 



ta and the ID of the mobile radio unit ML001 transmitted 
by the mobile unit managing server MDBSA1 , based on 
the temporarily-held IP address of the routing server 
RSA4 (step S247). The routing server RSA4 correlates 

s and stores the ID of the mobile radio unit ML001 and the 
authentication data, and transmits a registration permis- 
sion (or refusal) to serve as information for accepting or 
denying registration to the mobile radio unit ML001 ac- 
cording to the ID of the mobile radio unit ML001 , through 

10 the radio base station (step S248). 

[0193] Next, when the registration authentication 
process Is completed, the routing server RSA4 trans- 
mits the ID of the mobile radio unit ML001 and the se- 
curity information to the mobile unit managing server 

15 MDBSA3. Subsequently, the steps S249, S250, S251 , 
S252, S253, and S254 are carried out in a manner sim- 
ilarto the steps S202-S207in Figure21, and the security 
information of the mobile radio unit ML001 Is entered in 
the routing server RSA4. 

20 [0194] Accordingly, even when the mobile radio unit 
ML001 travels in different areas of routing servers con- 
trolled by a different mobile unit managing server, the 
security information can be similarly set In the routing 
server at the travel destination. 

25 [0195J Next, still another embodiment of the present 
invention In the second viewpoint will be explained. In 
this embodiment, in the communications system shown 
in Figure 22, a case relates to a mobile radio unit ML001 
traveling thro ugh different networks. In this case, an ex- 

30 ample relating to the mobile radio unit ML001 traveling 
from a communications area controlled by the routing 
server RSA2 to a commu nications area controlled by the 
routing server RSY1 will be explained using Figure 26. 
Figure 25 is a flowchart to explain the operation when 

35 the mobile radio unit ML001 travels through different 
networks. 

[0196] First, after relocating in a communications area 
of a radio base station of routing server SY1 , the mobile 
radio unit ML001 transmits the ID of ML001 and a reg- 

40 istration request to the routing server RSY1 through the 
radio base station (step S261). 
[0197] The routing server RSY1 temporarily holds the 
ID of the mobile radio unit ML001 and the registration 
request transmitted by the mobile radio unit ML001 , and 

^5 transmits the ID of the mobile radio unit ML001 and the 
registration request and the IP address of the routing 
server RSY1 to the mobile unit managing server 
MDBSY1 (step S262). 

[0198] The mobile unit managing server MDBSY1 
so temporarily holds the ID of the mobile radio unit ML001 
and the registration request and the IP address of the 
routing server RSY1 transmitted by the routing server 
RSY1 , and determines whether or not the routing server 
is under Its control according to the ID of the mobil e 
55 radio unit ML001. In this case, the mobile unit managing 
server MDBSY1 is not managing the mobile radio unit 
ML001 so that the mobile unit managing server 
MDBSY1 transmits the ID of the mobile radio unit ML001 
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and a destination address resolution request and the IP 
address of the mobile unit managing server MDBSY1 to 
the domain name server DNS21Y (step S263). 
[0199] The domain name server DNS21 Y determines 
whether or not the routing server is under its control ac- 5 
cording to the ID of the mobile radio unit ML001 trans- 
mitted by the mobile unit managing server MDBSY1 . In 
this case, the mobile radio unit ML001 is not under its 
control so that a destination address resolution re- 
sponse to notify that the mobile radio unit ML001 is not 
under its control Is transmitted to the mobile unit man- 
aging server MDBSY1 (step S264). Upon receiving the 
destination address resolution response from the do- 
main name server DNS21, the mobile unit managing 
server MDBSY1 transmits the ID of the mobile radio unit 
ML001 and the authentication request and the IP ad- 
dress of the mobile unit managing server MDBSY1 to 
the communications system managing server 31 Z, 
through the firewall FW21 Y, the VPN router 222Y, the 
global network 100, the VPN router 333, and the firewall 
FW31Z(step S265). 

[0200] Upon receiving the ID of the mobile radio unit 
ML001 and the registration request and the IP address 
of the mobile unit managing server MDBSY1 , the com- 
munications system managing server 31Z stores that 
the mobile radio unit ML001 has traveled to an area un- 
der the control of the mobile unit managing server 
MDBSY1 , and retrieves the home mobile unit managing 
server of the mobile radio unit ML001 according to the 
ID of the mobile radio unit ML001 . In this case, it is de- 
tected that the home mobile unit managing server of the 
mobile radio unit ML001 is the mobile unit managing 
server MDBSA1. Then, the communications system 
managing server 31 Z transmits the ID of the mobile ra- 
dio unit ML001 and the registration request and the IP 
address of the communications system managing serv- 
er 31Z to the mobile unit managing server MDBSA1, 
through the firewall FW31 Z, the PVN router333, the glo- 
bal network 100, the VPN router 111, and the firewall 
FW11A(step S266). 

[0201] The mobile unit managing server MDBSA1 
temporarily holds the ID of the mobile radio unit ML001 
and the registration request and the IP address of the 
communications system managing server 31 Z transmit- 
ted by the communications system managing server 
31 Z. Then, the mobile unit managing server MDBSA1 
finds that the mobile radio unit ML001 Is under Its control 
according to the ID of the mobile radio unit ML001 , and 
transmits the authentication data to Indicate that the mo- 
bile radio unit ML001 has been authenticated and the 
ID of the mobile radio unit ML001 to the communica 
tions system managing server 31 Z, through the firewall 
FW11A, the VPN router 111, the global network 1 00, the 
VPN router 333, and the firewall FW31Z (step S267). 
[0202] The communications system managing server 
31 Z transmits the authentication data and the ID of the 
mobile radio unit ML001 transmitted by the mobile unit 
managing server MDBSA1 to the mobile unit managing 



server MDBSY1, based on the temporarily-held IP ad- 
dress of the mobile unit managing server MDBSY1, 
through the firewall FW31Z,thePVN router 333, the glo- 
bal network 100, the VPN router 222Y, and the firewall 
FW21Y(step S268). 

[0203] The mobile unit managing server MDBSY1 
correlates and stores the ID of the mobile radio unit 
ML001 and the authentication data transmitted by the 
communications system managing server 31 Z, and 
transmits the ID of the mobile radio unit ML001 and the 
authentication data to the routing server RSY1 , based 
on the temporarily-held IP address of the mobile unit 
managing server MDBSY1 (step S269). The routing 
sewer RSY1 correlates and stores the ID of the mobile 
radio unit ML001 and the authentication data transmit- 
ted by the mobile unit managing server M DBS Y1 .trans- 
mits a registration permission (or refusal) to serve as 
information for accepting or re fusing the registration ac- 
cording to the ID of the mobile radio unit ML001 (step 
S270). The mobile radio unit ML001 stores the registra- 
tion permission transmitted by the routing server RSY1 . 
[0204] When the steps to S270 in the registration au- 
thentication process are completed, the routing server 
RSY1 transmits the ID and a security information re- 
quest for the mobile radio unit ML001 to the mobile unit 
managing server MDBSY1 (step S271). 
[0205] The mobile unit managing server MDBSY1 
transmits the ID and the request for the security infor- 
mation of the mobile radio unit ML001 transmitted by the 
routing server RSY1 to the communications system 
managing server Z31 through the firewall FW21 Y, the 
VPN router 222Y, the global network 1 00, the VPN rout- 
er 333, and the firewall FW31 Z (step S272). At this time, 
because the mobile unit managing server MDBSY1 had 
received the destination address resolution response in 
step S264 from the domain name server DNS21 Y, the 
request for the security Information are transmit ted to 
the communications system managing server 31 Z (step 

5272) . 

[0206] The communications system managing server 
31 Z transmits the received ID and the request for the 
security information of the mobile radio unit ML001 to 
the mobile unit managing server MDBSA1 according to 
the ID of the mobile radio unit ML001 , through the fire- 
wall FW31Z, the PVN router 333, the global network 
100, the VPN router 111, and firewall FW11A (step 

5273) . 

[0207] Upon receiving the ID of the mobile radio unit 
ML001 and the request for the security information of 
the mobile radio unit ML001 from the communications 
system managing server 31 Z t the mobile unit managing 
server MDBSA1 accesses the security information ac- 
cording to the ID of the mobile radio unit ML001 (step 

5274) . Then, the obtained security information for the 
mobile radio unit ML001 and the ID of the mobile radio 
unit ML001 are transmitted to the communications sys- 
tem managing server 31Z, through the firewall FW11A, 
the VPN router 111, the global network 100, the VPN 
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router 333, and the firewall FW31Z (step S275). 
[0208] The communications system managing server 
31Z transmits the security information of the mobile ra- 
dio unit ML001 and the ID of the mobile radio unit ML001 
transmitted by the mobile unit managing server 
MDBSA1 to the mobile unit managing server MDBSY1 , 
through the firewall FW31 Z, the VPN router 333, the glo- 
bal network 100, the VPN router 222Y, and the firewall 
FW2lY(step S276). 

[0209] The mobile unit managing server MDBSY1 
transmits the securfty information and the ID of the mo- 
bile radio unit ML001 transmitted by the c ommunlca- 
tions system managing server 31 Z to the routing server 
RSY1 (step S277); The routing server RSY1 correlates 
and stores the ID and the security Information of the mo- 
bile radio unit ML001 transmitted by the mobile unit 
managing server MDBSY1 (step S278). 
[0210] By carrying out the process described above, 
the mobile radio unit ML001 located in a communica- 
tions area served by the radio base station controlled by 
the routing server RSY1 Is able to communicate at the 
same security level as when it was under the control of 
the mobile unit managing server MDBSA1 . That is, even 
when traveling through different networks, the same se- 
curity level provided by the home routing server can be 
set in a communications area under the control of a rout- 
ing server at the destination. 

[0211] Here, In the embodiments described above, 
the authentication data and the security information 
were transmitted separately, but it is permissible to at- 
tach the security information to the authentication data 
so as to carry out registration authen tication operation 
and the security information setting operations at the 
same time. 

[0212] Also, in the embodiments explained above, the 
IDs for identifying mobile radio units and host names are 
stored in the security storage section 223 of a mobile 
unit managing server (for example, the mobile unit man- 
aging server MDBSA1), but in addition to the IDs and 
host names, the IP address and the FQDN and the Mo- 
biie-FQDN may also be stored. That is, any type of in- 
formation, not limited to the ID and the host names, Is 
acceptable so long the information is able to establish 
the Identity of a mobile radio unit. 
[0213] F° r example, in step S210 in Figure 21 , when 
transmitting the transmission data, the information com- 
munications device HostP specifies the destination by 
a host name of a mobile radio unit ML001 , but the host 
name may be replaced with an IP address to specify the 
mobile radio unit ML001. in this case, in the security 
storage section 13 of the routing server RSA3, the IP 
addresses are stored in addition to host names. Then, 
the transmission data are transmitted using the IP ad- 
dress. 

[0214] In the embodiments explained above, the net- 
work A and the network 700 use the same communica- 
tions system In Figure 22, but when the system is used 
by two different firms, and when the mobile radio unit 



ML001 travels to the network 700, security problems are 
created between the mobile radio unit ML001 and the 
network 700 used by a different firm. However, by using 
the communications system described above, commu- 
s nication is possible while ensuring security even among 
different firms. In this case, the security information to 
restrict access can be provided to a traveling mobile ra- 
dio unit ML001 . 

[0215] By so doing, if it is required for a firm that mo- 
te? bile radio units roam and move into a communications 
area that cannot be covered by itself, communication 
may be provided using a network belonging to the other 
firm while maintaining the required security level, that 
Is, by restricting the access. 
« [0216] By so doing, a plurality of firms can participate 
In reducing the cost of constructing a network and cum- 
bersome managing. 

[0217] Also, the capabilities of the communication 
control section 212, the security information storage 

20 section 213 shown in Figure 17, and the security infor- 
mation transmitting control section 222 and the security 
information storage section 223 may be performed by 
recording application programs for performing the proc- 
esses, and loading the programs in a computer system 

25 for execution. A computer system, In this context, in- 
cludes any operating systems (OS) and peripheral hard 
wares. 

[0218] A computer system may also include the use 
of world wide webs and home page portals (or display 

50 environment). 

[0219] Computer readable recording media include 
portable media such as floppy disks, opto-magnetic 
disks, ROMs, CD-ROMs, as well as fixed devices such 
as hard disks housed In computer systems. The com- 

35 puter readable recording media further include short 
-term dynamic memories (transmission media inclusive 
of wave signals) used In transmitting applications 
through such means as networks such as the Internet 
or telephone circuits, as well as other short-term mem- 

40 ories such as volatile memories used in servers and cli- 
ent computer systems. The application programs may 
perform a part of the described capabilities, or may be 
operated in conjunction with pre-recorded programs 
stored in computer systems. 

45 [0220] The embodiments in the present invention 
have been described above in detail with reference to 
the drawings, but the specific structures are not limited 
to those disclosed in the embodiments, and include any 
designs within the scope of the present invention. 

so [0221] In the following, an embodiment of the present 
invention in the third viewpoint will be explained with ref- 
erence to the drawings. Figure 26 is schematic block 
diagram of the structure of the communications system 
based on the area managing server provided in this em- 

55 bodiment. in this diagram, a network A and a network C 
are connected to the global network 1 00. 
[0222] The mobile unit managing server MDBSA1 
manages the identifiers (IDs) and the IP addresses of 
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the routing servers RSA1-RSA2 and the radio base sta- 
tions (not shown) under its control, and manages also 
the ID, the Moblle-FQDN, the FQDN, and the security 
Information of the mobile radio unit ML001 . A mobile unit 
managing server MDBSC3 manages the respective IDs 5 
and IP addresses of a routing server RSC4, a routing 
server RSC11, radio base stations, mobile radio units 
and terminals. 

[0223] RSA1, RSA2, RSC4 and RSC11 are routing 
servers, and each Is in contact with at least one radio 10 
base station to provide routing of IP packets, In this em- 
bodiment, the routing servers RSA1 and RSA2 are man- 
aged by the mobile unit managing server MDBSA1 , and 
the routing servers RSC4, RSC11 are managed by the 
mobile unit managing server MDBSC3. The domain ts 
name servers 11 A and 12A convert the domain name to 
the IP address. 

[0224] The mobile radio unit ML001 is connected to 
the information terminal HostX such as computer or 
PDA and is connected to the routing server RSA1 20 
through the radio base station. Also, this mobile radio 
unit ML001 is provided with a preset identifier (the ID). 
In this example, it is assumed that the home mobile unit 
managing server for the mobile radio unit ML001 is the 
mobile unit managing server MDBSA1 . 25 
[0225] Area managing server AMA1 is connected be- 
tween the mobile unit managing server MDBSA1 and 
the routing servers RSA1 and RSA2. The area manag- 
ing serverAMC3 is connected between the mobile unit 
managing server MDBSC3 and the routing servers so 
RSC4 and RSC11. 

[0226] The network B is provided with a communica- 
tions system managing server B10 for managing the 
travel of the mobile radio unit ML001 that travels through 
the network A to the network C. The communications 35 
system managing server B10 stores a new Mo- 
bile-FQDN and IP address of a routing server when it 
travels Into a communications area controlled by a rout- 
ing server that is different from the routing server man- 
aged by the home mobile unit managing server. This *o 
new Mobile-FQDN contains information set in the mo- 
bile radio unit to indicate its current association. 
[0227] The structure of the routing server RSA1 is the 
same as that of the routing server shown in Figure 17, 
and the explanation is here omitted. The routing server 45 
RSA1 is provided with a security information storage 
section 213 as shown In Figure 17. An example of the 
security information stored in the security information 
storage section 21 3 is shown in Figure 27. As shown in 
this diagram, the security information contains correlat- so 
ed information, as in Figure 18, on the ID and the host 
name of the mobile radio unit for Identification (MRID 
and MRHN in Figure 27), the host name of the commu- 
nications device to identify the destination communica- 
tions device (CDHN), an access type information to ^5 
specify protocols, communication services and commu- 
nication capabilities for connecting to the destination 
communications device (AT), an access managing in- 



formation for specifying the type of communication ca- 
pability, and the access managing information for per- 
mitting or denying access between the destination de- 
vice and the mobile radio unit (AMI). In this embodiment, 
the security information is associated with further infor- 
mation on the network currently connected by the mo- 
bile radio unit which contains the name of the network 
with which the mobile radio unit is currently affiliated (CN 
in Figure 27). Setting of access types such as "http", "tel- 
net 1 , "ftp", "ALL", "PUSH", and setting of access man- 
aging information such as "OK" and "NG U in Figure 27 
are the same as those shown in Figure 1 8 so that their 
explanations are omitted. 

[0228] Here, in Figure 27, only one mobile radio unit 
having a host name "ML001" is shown, but the security 
information for another mobile radio units that are con- 
trolled by the same routing server are Included therein. 
[0229] Also, the structures of otherthe routing servers 
RSA2, RSC4,and RSC11 are the same as the structure 
of routing server RSA1 . 

[0230] The structure of the mobile unit managing 
server MDBSA1 is the same as that explained In Figure 
19, and specific explanations are omitted. 
[0231 ] The security storage section 223 stores the se- 
curity information for permitting or denying communica- 
tion with a destination communications device for each 
mobile radio unit that has the mobile unit managing serv- 
er MDBSA1 as its home mobile unit managing server. 
[0232] An example of the security information stored 
in the security information storage section 223 is shown 
in Figure 28. The security information shown in Figure 
28 includes those similar to ones shown in Figure 20, 
the ID and the host name of the mobile radio unit (MRID 
and MRHN in Figure 28), the host name of the commu- 
nications devices (CDHN), the access types (AT), and 
the access managing information (AMI). The security In- 
formation In this embodiment is associated with further 
information on the network currently connected by the 
mobile radio unit which contains the name of the net- 
work with which the mobile radio unit is currently affili- 
ated (CN in Figure 28). 

[0233] Here, by setting access restrictions for each af- 
filiated network for mobile radio units, access restriction 
can be altered depending on the current association of 
a mobile radio unit. Setting of the network name for the 
currently affiliated network of a mobile radio unit is car- 
ried out by management of the mobile radio unit at the 
time of init ial registration of the mobile radio unit, and 
when a change occurs in the security information, the 
contents of the setting of the mobile unit managing serv- 
erfor the mobile radio unit are changed. Accordingly, by 
setting access restrictions for each currently affiliated 
network for the mobile radio units, use of the Extranet 
becomes possible as in the network based on extension 
of the Intranet. For example, in an Intranet, various in- 
formation is accessible at the level of the head office 
and branch stores, but an environment may be created 
such that at the level of subsidiary and related company, 
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access Is permitted at restricted levels even when con- 
nected to an external network. This type of system op- 
eration is applicable to currently affiliated network name 
stored In the security information storage section 213 
described above as well as in the security information s 
storage section 333 which will be described later. 
[0234] Next, the area managing server AMC3 in Fig- 
ure 26 will be explained with reference to the drawings. 
Figure 29 is a schematic block diagram of the structure 
of the area managing server AMC3. In this diagram, a 
receiving section 331 receives the security information 
transmitted from mobile unit managing server to a rout- 
ing server. 

[0235] A security information managing section 332 
receives the security Information transmitted from the 
home mobile unit managing server to a routing server 
of a terminal locating at a travel destination through the 
receiving section 331 , and stores the received security 
information in the security information storage section 
333, and when the terminal travels from an area of the 
routing server at the travel destination to an area of a 
routing server not managed by the home mobile unit 
managing server, it reads the security information stored 
in the security information storage section 333, and the 
obtained security information is transmitted by the trans- 
mitting section 334 to the routing server at the travel des- 
tination. 

[0236] The transmitting section 334 transmits the se- 
curity information to the destination routing server ac- 
cording to instructions from the security information 
managing section 332. 

[0237] The security information storage section 333 
stores the security Information according to instructions 
from the security information managing section 332. An 
example of the security Information stored in the security 
information storage section 333 is shown in Figure 30. 
The security information stored in the security informa- 
tion storage section 333, similar to the security Informa- 
tion stored in the mobile unit managing server as shown 
in Figure 28, correlates and stores the IDs of the mobile 
radio units (MRID), the host name of the mobile radio 
units (MRHN), the name of currently affiliated network 
by the mobile radio unit (CN), the hostname of the com- 
munications devices (CDHN), the access types (AT), 
and the access managing information (AMI). 
[0238] Here, the structure of the area managing serv- 
er AMA1 shown In Figure 26 Is the same as that of the 
area managing server AMC3, so the explanation is omit- 
ted. 

[0239] Next, the operation of the area managing serv- 
er AMC3 having the structure shown in Figure 26 will be 
explained with reference to the drawings. This example 
relates to the operation of the area managing server 
AMC3 after the mobile radio unit ML001 once commu- 
nicated, while having been affiliated with the routing 
server RSA1 of the network A, and the mobile radio unit 
ML001 travels to a region controlled by a routing server 
RS C4 of network C, and then travels further to a region 



controlled by a routing server RSC11, Also, in this case, 
the IP address is presumed to be a global IP address. 
[0240] Figure 31 is a diagram of the operational se- 
quence of the radio communications system. 
[0241] First, the mobile radio unit ML001 that had 
been communicating under the control of the routing 
server RSA1 of the network A travels to a region con- 
trolled by the routing server RSC4 in the network C, then 
the mobile radio unit ML001 notifies the routing server 
RSC4 within a communicable range by transmitting its 
ID and a registration request (step S301). Upon receiv- 
ing the ID of the mobile radio unit ML001 and the regis- 
tration request of the mobile radio unit ML001 from the 
mobile radio unit ML001, the routing server RSC4 gen- 
erates a random number, and transmits the random 
number and the ID of the mobile radio unit ML001 and 
the authentication request to the area managing server 
AMC3 (step S302). The area managing server AMC3 
transmits the received random number and the ID of the 
mobile radio unit ML001 and the registration request to 
the mobile unit managing server MDBSA1 through the 
communications system managing server B10 (step 
S303). 

[0242] The mobile unit managing server MDBSA1 
carries out the authentication process using the re- 
ceived ID of the mobile radio unit ML001 , and when the 
authentication process is completed correctly, com- 
putes a random number based on the received random 
number and using a specific computation rule, then the 
computed random number and the ID of the mobile radio 
unit ML001 and the authentication data to show the 
completion of authentication are transmitted to the area 
managing server AMC3 through the communications 
system managing server B10 (step S304). 
[0243] The area managing server AMC3 transmits the 
result of random number computation and the ID oft he 
mobile radio unit ML001 and the authentication data 
transmitted by the mobile unit managing server 
MDBSA1 further to the routing server RSC4 (step 
S305). 

[0244] The routingserver RSC4, after transmitting the 
authentication data and others to the area managing 
server AMC3 in step S302, transmits a duplicate of the 
random number obtained In step S302 to the mobile ra- 
dio unit ML001 (step S306). In the mobile radio unit 
ML001 , a computation using the same rule as that used 
by the mobile unit managing server MDBSA1 is carried 
out based on the duplicate random number. The routing 
server RSC4 receives the computed random number 
computed in the mobile radio unit ML001 (step S307). 
Then, the routing server RSC4 compares the random 
number transmitted from the area managing server 
AMC3 with the computed random number transmitted 
from the mobile radio unit ML001 , and when the num- 
bers are identical, registration for the mobile radio unit 
ML001 is accepted, and a registration permission notice 
Is transmitted to the mobile radio unit ML001 (step 
S308). 
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[0245] By following such process, the mobile radio 
unit ML001 is able to communicate Inside a communi- 
cations area controlled by the routing server RSC4. The 
authentication process enables the routing server RSC4 
to store that the mobile radio unit ML001 is under its s 
control and enables the mobile unit managing server 
MDBSA1 to store that the mobile radio unit ML001 is 
under the control of the routing server RSC4. 
[0246] Further, the routing server RSC4 transmits the 
ID of the mobile radio unit ML001 that has completed w 
registration and a security information transmission re- 
quest is forwarded to the area managing server AMC3 
(step S309). 

[0247] The area managing server AM C3 transmits the 
ID of the mobile radio unit ML001 and the security infor- « 
mation transmission request to the mobile unit manag- 
ing server MDBSA1 through the communications sys- 
tem managing server B1 0 (step S31 0). 
[0248] Upon receiving the ID of the mobile radio unit 
ML001 and the security information transmission re- 20 
quest from the area managing server AMC3 f the mobile 
unit managing server MDBSA1 reads the security infor- 
mation corresponding to the ID of the mobile radio unit 
ML001 from the security information storage section 
223, and this security information, together with the ID 25 
of the mobil e radio unit ML001, Is transmitted to the 
area managing sewer AMC3 through the communica- 
tions system managing server B10 (step S311). 
[0249] The area managing server AMC3 stores the ID 
of the mobile radio unit ML001 and the security informa- so 
tion transmitted fro m the mobile unit managing server 
MDBSA1 in the security information storage section 333 
using the security information managing section 332 
(step S312) r and transmits the packet to the routing 
server RSC4 (step S 31 3). 55 
[0250] The routing server RSC4 stores the ID of the 
mobile radio unit ML001 and the security information 
transmitted from the area managing server AMC3 in the 
security information storage section 213. Accordingly, 
the routing server RSC4 is able to set the security infor- *o 
mation for the mobile radio unit ML001 by obtaining and 
storing the security information from the mobile unit 
managing server MDBSA1 which is the home mobile 
unit managing server of the mobile radio unit ML001. 
Then, when the mobile radio unit ML001 attempts to car- 
ry out communlcatl on with another terminal, the routing 
server RSC4 controls whether or not to establish con- 
nection according to this security information. Accord- 
ingly, communication can be established if the access 
managing information is "OK", and communication can- so 
not be established if the access managing information 
Is "NG" (not good). 

[0251] Next, when the mobile radio unit ML001 travels 
from a communications area controlled by the routing 
server RSC4 to a communications area controlled by ss 
the routing server RSC11 , the mobile radio unit ML001 
transmits the ID of the mobile radio unit ML001 and a 
registration request to the routing server RSC11 (step S 



31 4). Subsequently, similar to the steps S302-S308 de- 
scribed above, authentication process is carried out be- 
tween the mobile unit managing server MDBSA1 and 
the routing server RSC1 1 , and between the routing serv- 
er RSC11 and the mobile radio unit ML001 (steps S315, 
S316, S317, S318, S319, S320, and S321). 
[0252] When the authentication process is complet- 
ed, the routing server RSC11 transmits the ID of the mo- 
bile radio unit ML001 and the security information re- 
quest to the area managing server AMC3 (step S322). 
Upon receiving the ID of the mobile radio unit ML001 
and the security information request from the routing 
server RSC11, the security information managing sec- 
tion 332 of the area managing server AMC3 reads the 
security information of the mobile radio unit ML001 from 
the security Information storage section 333 according 
to the received ID of the mobile radio unit ML001 (step 
S 323), and the obtained security information is trans- 
mitted to the routing server RSC11 (step S 324). 
[0253] Accordingly, by storing the security information 
in the area managing server AMC3, it is possible to 
transmit the security information to a routing server at 
the travel destination, without having the security infor- 
mation transmitted from the mobile unit managing serv- 
er MDBSA1 for every travel of the mobile radio unit 
ML001 . Therefore, transmitting of the security informa- 
tion can be completed within the network C so that the 
load on the global network 100 and the network A can 
be reduced. Also, it enables suppression of information 
leakage by reducing the flow of the security Information 
Into the global network 100, and further, to reduce the 
time required for data reception. 
[0254] Next, the process of determining whether or 
not to establish communication based on the security 
Information will be explained with reference to Figure 32. 
[0255] For example, when the transmission data ad- 
dressed to communications device HostAis transmitted 
by the mobile radio unit ML001 specifying "HostA" as 
the destination, "ML001" as the original sender, "http" 
as the access type, the communication control section 
21 2 of the routing server RSC1 1 determines whether or 
not the transmission data can be transmitted. That is, 
the communication control section 212 determines 
whether transmitting of data of access type "http" is pos- 
sible from the mobile radio unit ML001 to communica- 
tions device HostA based on the security information 
stored in the security Information storage section 213. 
In this case, the access managing information is "OK" 
so that communication is permitted and the transmis- 
sion data is transmitted from the mobile radio unit 
ML001 to the communications device HostA (notation 
(D). 

[0256] On the other hand, when the transmission data 
addressed to the communications device HostA is 
transmitted by the mobile radio unit ML001 specifying 
"HostA" as the destination, "ML001" as the original 
sender, "telnet" as the access type, communication con- 
trol section 212 of the routing server RSC11 determines 
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whether or not the transmission data can be transmitted. 
That is, communication control section 212 determines 
whether or not transmitting data of the access type "tel- 
net" is possible from the mobile radio unit ML001 to the 
communications device HostA based on the security In- 
formation stored in the security information storage sec- 
tion 213, In this case, the access managing information 
is "NG" (not good) so that communication is not permit- 
ted and the transmission data Is not transmitted from the 
mobile radio unit ML0Q1 to the communications device 
HostA, and the packets are discarded, (notation (2)). Al- 
so, notification is transmitted from the routing server 
RSA3 to the mobile radio unit ML001 that communica- 
tion has been denied. 

[0257] Also, when the transmission data addressed 
to the communications device HostA is transmitted by 
the mobile radio unit ML001 specifying "HostA" as the 
destination, "MLOOr as the original sender, "ftp" as the 
access type, the communication control section 21 2 de- 
termines whether or not transmitting the data of the ac- 
cess type "ftp" is possible from the mobile radio unit 
ML001 to the communications device HostA ba6ed on 
the security information stored In the security Informa- 
tion storage section 21 3. In this case, the access man- 
aging infonmalion is "OK" so that communication is per- 
mitted and the transmission data is transmitted from the 
mobile radio unit ML001 to the communications device 
HostA (notation (3)). 

[0258] Next, in Figure 26, a case of transmitting the 
transmission data from the communications device 
HostY to the mobile radio unit ML001 under the control 
of the routing server RSC11 will be explained with ref- 
erence to Figure 33. Figure 33 is a flowchart of the proc- 
ess of transmitting th e transmission data from the com- 
munications device HostY to the mobile radio unit 
ML001 under the control of the routing server RSC11 . 
In this case, it is presupposed that the mobile radio unit 
ML001 has already traveled In a communications area 
under the control of the routing server RSC1 1 , and that 
the authentication process to the routing server RSC1 1 
has been completed, 

[0259] First, the commu nlcatlons device HostY trans- 
mits a FQDN of the mobile radio unit ML001 (for exam- 
ple, ml 001 .mdbsal .providera) which is the target of the 
destination address resolution and a destination ad- 
dress resolution request and the IP address of the com- 
munications device HostY to the domain name server 
11 A (step S331). 

[0260] Upon receiving the FQDN of the mobile radio 
unit ML001 and the destination address resolution re- 
quest and the IP address of the communications device 
HostY, the domain name server 11 A temporarily holds 
the received FQDN of the mobile radio unit ML001 and 
the destination address resolution request and the IP 
address of the communications device HostY, deter- 
mines whether or not the mobile radio unit ML001 Is un- 
der its control according to the FQDN of the mobile radio 
unit ML001 , in this case, because the mobile radio unit 



ML001 is not under its control, the domain name server 
1 1 A transmits the temporarily-held FQDN of the mobile 
radio unit ML001 and the destination address resolution 
request and the IP address of the communications de- 
5 vice HostY to the mobile unit managing server MDBSA1 
(step S332). 

[0261] Upon receiving the FQDN of the mobile radio 
unit ML001 and the destination address resolution re- 
quest and the IP address of the communications device 
HostYf rom the domain name server 1 1 A, the mobile unit 
managing server MDBSA1 temporarily holds the re- 
ceived FQDN of the mobile radio unit ML001 and the 
destination address resolution request and the IP ad- 
dress of the communications device HostY, and deter- 
mines whether or not the mobile radio unit ML001 is un- 
der its control according to the FQDN of the mobile radio 
unit ML001 , in this case, because the mobile radio unit 
ML001 is not under Its control, the mobile unit managing 
server MDBSA1 transmits the temporarily-held FQDN 
of the mobile radio unit ML001 and the destination ad- 
dress resolution request and the IP address of the com- 
munications device HostY to the communications sys- 
tem managing server B10 (step S333). 
[0262] The communications system managing server 
B10 temporarily holds the FQDN of the mobile radio unit 
ML001 and the destination address resolution request 
and the IP address of the communications device HostY 
transmitted by the mobile unit managing server 
MDBSA1 , and then finds that the routing server of the 
mobile radio unit ML001 after relocation is the routing 
server RSC11 , as well as the Mobile-FQDN (for exam- 
ple, ml 001, mdbsal .providera.rsdl.providerc) to indi- 
cate its current association according to the FQDN of 
the mobile radio unit ML001 . 

[0263] Then, the communications system managing 
server B10 transmits the detected Mobile-FQDN of the 
mobile radio unit ML001 (for example, 
m1001 .mdbsal ,providera.rsc11 .providers) and the 
destination address resolution request, to the area man- 
aging server AMC3 connected to the routing server 
RSC11 (stepS334). 

[0264] Upon receiving the Mobile-FQDN and the des- 
tination address resolution request from the communi- 
cations system managing server B10, because the mo- 
bile radio unit ML001 is under the control of the routing 
server RSC11 , the area managing server AMC3 trans- 
mits the destination address resolution request as the 
traveling node information request together with the Mo- 
bile-FQDN of the mobile radio unit ML001 to the routing 
server RSC11 (step S335). 

[0265] Upon receiving the Mobile-FQDN of the mobile 
radio unit ML001 and the traveling node information re- 
quest from the area managing server AMC3, because 
the mobile radio unit ML001 is under its control, the rout- 
ing server RSC11 transmits the Mobile -FQDN and the 
IP address of the mobile radio unit ML001 and the ad- 
dress registration request to the communications sys- 
tem managing server B10. 
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[0266] The communications system managing server 
B10 correlates and stores the Mobile-FQDN and the IP 
address of the mobile radio unit ML001 (step S336). 
[0267] On the other hand, the routing server RSC11 
further transmits a traveling node information response 
to the area managing server AMC3 to Inform that the 
traveling node information request has been received 
and that the address registration request has been 
transmitted to the communications system managing 
server B10 (step S337). 

[0268] Upon receiving the traveling node information 
response and the Mobile-FQDN of the mobile radio unit 
ML001 from the routing server RSC11, the area man- 
aging server AMC3 transmits a destination address res- 
olution response and the Mobile-FQDN of the mobile ra- 
dio unit ML001 to the communications system manag- 
ing server B10 (step S338). 

[0269] Upon receiving the destlnatioh address reso- 
lution response and the Mobile-FQDN of the mobile ra- 
dio unit ML001 from the area managing server AMC3, 
the communications system managing server BtO de- 
termines whether or not there is an IP address regis- 
tered to correspond to the Mobile-FQDN of the mobile 
radio unit ML001 . In this case, the IP address of the mo- 
bile radio unit ML001 Is retrieved. Then, the communi- 
cations system managing server B10 transmits the IP 
address of the mobile radio unit ML001 as the destina- 
tion address resolution response to the mobile unit man- 
aging server MDBSA1 (step S339). 
[0270] The mobile unit managing server MDBSA1 
transmits the IP address of the mobile radio unit ML001 
transmitted by the communications system managing 
server B10 to the domain name server 11 A as the des- 
tination address resolution response (step S340). 
[0271] Upon receiving the IP address of the mobile 
radio unit ML001 from the mobile unit managing server 
MDBSA1 as the destination address resolution re- 
sponse, the domain name server 11 A transmits the re- 
ceived the IP address of the mobile radio unit ML001 to 
the communications device HostYasthe destination ad- 
dress resolution response (step S341). 
[0272] By following the process described above, the 
IP address of the mobile radio unit ML001 at the travel 
destination is notified to the communications device 
HostY. Accordingly, the communications device HostY 
is able to transmit the transmission data and others to 
the mobile radio unit ML001 as necessary (steps S342, 
S343), 

[0273] In another embodiment instead of the embod- 
iment described above, when the network A and the net- 
work C shown in Figure 26 are used by different firms 
while sharing the same radio communications system, 
and when the mobile radio unit ML001 travels from the 
network A to the network C, a security problem is cre- 
ated between the mobile radio unit ML001 and the net- 
work C are used by a different firm. However, secure 
communication Is enabled by using the radio communi- 
cations system described above. In this case, it Is pos- 



54 

sible to preset certain security information that restricts 
access to a mobile radio unit ML001 traveling on the net- 
work. 

[0274] By so doing, If it is required for a firm that mo- 
5 bile radio units roam and move into a communications 
area that cannot be covered by itself, communication 
may be provided using a network belonging to the other 
firm while maintaining the required security level, that 
is, by restricting the access. 
10 [0275] By so doing, a plurality of firms can participate 
in reduc Ing the cost of constructing a network and cum- 
bersome managing. 

[0276] In the embodiments explained above, the IP 
address Is a global IP address, but within an network, it 
f* is permissible to use a local IP address. In this case, a 
firewall or a routing server may be provided with NAT 
capability. 

[0277] Also, In the embodiments explained above, the 
area managing server AM C3 and the mobile unit man- 
20 aging server are separate entities, but It is permissible 
to provide the mobile unit managing server with area 
managing server capability. 

[0278] Also, In the embodiments explained above, 
communication is carried out between a communica- 

25 tions device connected to a global network and a mobile 
radio unit connected to a terminal, however, as shown 
in Figure 34, the mobile radio unit may be replaced by 
a mobile radio router 5a, that allows a plurality of termi- 
nals 51 -5n to be connected, to communicate with the 

30 communications device provided on the global network 
side. In such a case, mobile radio router 5a stores infor- 
mation necessary to establish communication between 
the terminals and other communications device such as 
the IP addresses of terminals 51 -5n affiliated to itself the 

55 FQDNs, the IDs, and the number of registered terminals 
connected to itself so as to enable authentication of ter- 
minals by the mobile radio router 5a. 
[0279] Further, In Figure 34, mobile radio router 5a 
and one or more of the terminals 51 -5n may be encased 

40 in a common casing. Also, communication between the 
mobile radio router and the terminals may be carried out 
by radio signals, or through wired connections. 
[0280] Also, the capabilities of the security informa- 
tion managing section 332 as shown in Figure 29, the 

<5 communication control section 212 as shown in Figure 
17, and the security information transmitting control sec- 
tion 222 in Figure 19 may be performed by recording 
application programs for performing the processes, and 
loading the programs in a computer system for execu- 

50 tion. A computer system, In this context, Includes any 
operating systems (QS) and peripheral hardwares. 
[0281] A computer system may also Include the use 
of world wide webs and home page portals (or display 
environment). 

55 [0282] Computer readable recording media include 
portable media such as floppy disks, opto-magnetic 
disks, ROMs, CD-ROMs, as well as fixed devices such 
as hard disks housed in computer systems. The com- 
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puter readable recording media further include short- 
term dynamic memories (transmission media Inclusive 
of wave signals) used in transmitting applications 
through such means as networks such as the Internet 
or telephone circuits, as well as other short-term mem- 5 
orles such as volatile memories used in servers and cli- 
ent computer systems. The application programs may 
perform a part of the described capabilities, or may be 
operated in conjunction with pre-recorded programs 
stored in computer systems. 10 
[0283] The embodiments in the present invention 
have been described above in detail with reference to 
the drawings, but the specific structures are not limited 
to those disclosed In the embodiments, and include any 5. 
designs within the scope of the present invention, is 



Claims 

1. A radio communications system for a plurality of 20 
networks connected to a global network comprised 

of essential components, for each network, includ- 
ing at least one routing server and a radio base sta- 
tion connected to the routing server to communicate 
using radio signals with a mobile radio unit connect- 25 
ed to a terminal, wherein 

a communications system managing server is 
provided for managing addresses of the mobile ra- 
dio unit traveling between the networks. 

so 

2. A radio communications system according to claim 
1, wherein the communications system managing 
server further performs a security managing oper- 
ation to determine whether or not to permit commu- 
nication of the mobile radio unit travell ng between 35 
the networks with other communications devices. 6. 

3. A radio communications system according to claim 
1 , wherein when one mobile radio unit or a host con- 
nected to one of the networks attempts to commu- 40 
nlcate with another mobile radio unit connected to 
another network, in response to a destination ad- 
dress resolution request transmitted from the one 
mobile radio unit or the host, an Internet Protocol 
address allocated to the other mobile radio unit by 

a routing server currently connected to the other 
mobile radio unit is notified to the one mobile radio 
unit or the host. 

4. A communications system managing server which so 
is provided fn a radio communications system for a 
plurality of networks connected to a global network 
comprised of essential components, for each net- 
work, including at least one routing server and a ra- 
dio base station connected to the routing server to 55 
communicate using radio signals with a mobile ra- 7. 
dio unit connected to a terminal, and Is so connect- 
ed to the global network wherein 



when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate 
with another mobile radio unit connected to another 
network, and if a destination address resolution Is 
required, in response to a destination address res- 
olution request transmitted from the one mobile ra- 
dio unit or the host, an Internet Protocol address al- 
located to the other mobile radio unit by a routing 
server currently connected to the othermobile radio 
unit is notified to the one mobile radio unit or the 
host by the communications system managing 
server. 

A communications system managing server which 
is provided in a radio communications system for a 
plurality of networks connected Jo a global network 
comprised of essential components, for each net- 
work, inclu ding at least one routing server and a 
radio base station connected to the routing server 
to communicate using radio signals with a mobile 
radio unit connected to a terminal, and is so con- 
nected to the global network wherein 

when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate 
with another mobile radio unit connected to another 
network and is controlled by a routing server that is 
not controlled by a home mobile unit managing 
server, and if a destination address resolution Is re- 
quired, an Internet Protocol address allocated to the 
other mobile radio unit by the routing server that is 
not controlled by the home mobile unit managing 
server is notified to the one mobile radio unit or the 
host by the communications system managing 
server. 

A method for managing a mobile radio unit traveling 
between networks in a radio communications sys- 
tem for a plurality of networks connected to a global 
network comprised of essential components, for 
each network, including at least one routing server 
and a radio base station connected to the routing 
server to communicate using radio signals with a 
mobile radio unit connected to the terminal wherein 
when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate 
with another mobile radio unit connected to another 
network and is controlled by a routing server that is 
not controlled by a home mobile unit managing 
server, and if a destination address resolution is re- 
quired, an Internet Protocol address alloca ted to 
the other mobile radio unit by the routing server that 
is not controlled by the home mobile unit managing 
server is notified to the one mobile radio unit or the 
host. 

A method for managing a mobile radio unit accord- 
ing to claim 6, wherein the communications system 
managing server further performs a security man- 
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aging operation to determine whether or not to per- 
mit communication of the mobile radio unit traveling 
between the networks with other communications 
devices. 

5 

8. A recording medium having a computer-readable 
program for managing a mobile radio unit traveling 
between networks in a radio communications sys- 
tem for a plurality of networks connected to a global 
network comprised of essential components, for 10 
each network, including at least one routing server 
and a radio base station connected to the routing 
server to communicate using radio signals with the 
mobile radio unit connected to a terminal, wherein 

the computer-readable program executes a proc- is 
ess in such a way that, 

when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate 
with another mobile radio unit connected to another 
network and is controlled by a routing server that is 20 
not controlled by a home mobile unit managing 
server, and it a destination address resolution is re- 
quired, an Internet Protocol address allocated to the 
other mobile radio unit by the routing server that is 
not controlled by the home mobile unit managing 25 
server is notified to the one mobile radio unit or the 
host. 

9. A recording medium according to claim 8, wherein 

the computer -readable program further comprises 30 
a process for performing a security managing oper- 
ation to determine whether or not to permit the mo- 
bile radio unit traveling between networks to com- 
municate with another communications device. 

35 

10. A mobile radio unit managing program formanaglng 
a mobile radio unit traveling between networks In a 
radio communications system for a plurality of net- 
works connected to a global network comprised of 
essential components, for ea ch network, including *o 
at least one routing server and a radio base station 
connected to the routing server to communicate us- 
ing radio signals with a mobile radio unit connected 

to a terminal, wherein the mobile radio unit manag- 
ing program executes a process in such a way that, 
when one mobile radio unit or a host connect- 
ed to one of the networks attempts to communicate 
with another mobile radio unit connected to another 
network and is controlled by a routing server that is 
not controlled by a home mobile u nit managing &> 
server, and if a destination address resolution is re- 
quired, an Internet Protocol address allocated to the 
other mobile radio unit by the routing server that is 
not controlled by the home mobile unit managing 
server is notified to the one mobile radio unit or the & 
host. 

11. A mobile terminal managing program according to 



claim 10, wherein the mobile terminal managing 
program includes a process for managing security 
operation to determine whether or not to permit the 
mobile radio unit traveling between the networks to 
communicate with another communications device. 

12. A routing server in a communications system hav- 
ing at least one routing server connected to a net- 
work for connecting to a radio base station to com- 
municate using radio signals with a mobile radio unit 
connected to an information terminal, comprising: 

a first security Information storage device for 
storing the security information to instruct 
whether or not to permit communication be- 
tween the mobile radio unit and an information 
communications device connected to the net- 
work; and 

a communication control device to control, 
when It is necessary to establish communica- 
tion between the mobile radio unit and the in- 
formation communications device, whether or 
not to establish communication between the 
mobile radio unit and the information commu- 
nications device, based on the security infor- 
mation stored in the first security information 
storage device. 

13. A mobile unit managing server which is provided in 
a communications system having at least one rout- 
ing server connected to a network for connecting to 
a radio base station to communicate using radio sig- 
nals with a mobile radio unit connected to an infor- 
mation terminal, and is connected to the routing 
server, comprising: 

a second security information storage device 
for storing the security Information to Instruct 
whether or not to permit each mobile radio unit 
affiliated with the mobile unit managing server 
as its home mobile unit managing server to 
communicate with an information communica- 
tions device connected to the network; and 
a security information transmitting control de- 
vice to control transmitting of the security infor- 
mation In such a way that when the mobile radio 
unit travels and a connecting routing server is 
changed, in response to a security information 
transmission request from the connecting rout- 
ing server, reads out the security information 
stored In the second security information stor- 
age device and transmits the readout security 
information to the connecting routing server. 

14. An area managing server for serving in a network 
of a radio communications system that includes a 
plurality of networks connected to a global network 
and having at least one routing server connected to 
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the network; a radio base station connected to the 
routing server and communicating using radio sig- 
nals with a mobile radio unit connected to a termi- 
nal; and a mobile unit managing server for manag- 
ing the security Information for determining whether 5 
or not to permit the mobile radio unit and a commu- 
nicatl ons device connected to the network to com- 
municate with each other; wherein the area manag- 
ing server obtains the security information from a 
home mobile unit managing server of the mobile ra- to 
dio unit, and transmits the obtained security infor- 
mation to a rou ting server at the travel destination, 
which is controlled by the area managing server and 
which is located outside of a home network of the 
mobile radio unit, comprising: 15 

a memory device for storing the security infor- 
mation; 

an information managing device for managing 
the security Information in such a way that the 20 
security information transmitted from the home 
mobile unit managing server to a routing server 
at the travel destination is received and stored 
in the memory device, and, when the mobile ra- 
dio unit travels further from a communications 25 
area of the routing server at the travel destina- 
tion to a communications area of another rout- 
ing server controlled by the area managing sev- 
er, the area managing server responds to a se- 
curity information transmission request trans- 30 
mitted from the other routing server, and reads 
out the security information of the mobile radio 
unit stored in the memory device and transmits 
readout the security Information to the other 
routing server. 35 

15. An area managing server according to claim 14, 
wherein, when the mobile radio unit travels to a 
communications area controlled by another routing 
server not controlled by the home mobile unit man- *o 
aging server, prior to the information managing de- 
vice transmitting the security information, an au- 
thentication process of the mobile radio unit is com- 
pleted between the other routing server not control- 
led by the home mobile unit managing server and 45 
the home mobile unit managing server. 

16. A method of operating a radio communications sys- 
tem that includes a plurality of networks connected 

to a global network and having at least one routing so 
server connected to a network; a radio base station 
connected to the routing server and communicating 
using radio signals with a mobile radio unit connect- 
ed to a terminal; a mobile unit managing server for 
managing the security information for determining 55 
whether or not to permit the mobile radio unit and a 
communications device connected to the network 
to communicate with each other; and an area man- 



aging server for obtaining the security information 
from a home mobile unit managing se rver of the mo- 
bile radio unit, and transmitting the obtained secu- 
rity information to a routing server at the travel des- 
tination, which is controlled by the area managing 
server and which is located outside of a home net- 
work of the mobile radio unit; wherein 

the security information transmitted from the 
home mobile unit managing serverto a routing serv- 
er at the travel destination is received and stored, 
and, when the mobile radio unit travels further from 
a communications area of the routing server at the 
travel destination to a communications area of an- 
other routing server controlled by the area manag- 
ing sever, the area managing server responds to a 
security information transmission request transmit- 
ted from the other routing server, and reads out the 
security information of the mobile radio unit stored 
in the memory device, and transmits the readout se- 
curity information to the other routing server. 

17. A communication program for execution by a com- 
puter to operate a radio communications system 
that includes a plurality of networks connected to a 
global network and having at least one routing serv- 
er connected to a network; a radio base station con- 
nected to the one routing server and communicat- 
ing using radio signals with a mobile radio unit con- 
nected to a terminal; a mobile unit managing server 
for managing the security information for determin- 
ing whether or not to permit the mobile radio unit 
and a communications device connected to the net- 
work to communicate with each other; and an area 
managing server for obtaining the security Informa- 
tion from a home mobile unit managing server of 
the mobile radio unit, and transmitting the obtained 
security information to a routing server at the travel 
destination, which is controlled by the area manag- 
ing server and which is located outside of a home 
network of the mobile radio unit; the program Includ- 



a step of receiving the security information 
transmitted from the home mobile unit manag- 
ing server to the routing server atthe travel des- 
tination; and 

a step of transmitting the security information, 
when the mobile radio unit travels further from 
a communications area of the routing server at 
the travel destination to a communications area 
of another routing server at the travel destina- 
tion controlled by the area managing sever, by 
reading out and transmitting the security infor- 
mation of the traveling mobile radio unit stored 
in the memory device to the other routing server 
atthe travel destination, in response to a secu- 
rity Information transmission request transmit- 
ted from the other routing server at the travel 
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destination. 

18. Acomputer-readable recording medium having a 
communication program for execution by a compu- 
ter to operate a radio c ommunications system that s 
includes a plurality of networks connected to a glo- 
bal network and having at least one routing server 
connected to a network; a radio base station con- 
nected to the one routing server and communicat- 
ing using radio signals with a mobile radio unit con- 10 
nected to a terminal; a mobile unit managing server 
for managing the security information for determin- 
ing whether or not to permit the mobile radio unit 
and a communications device connected to the net- 
work to communicate with each other; and an area is 
managing server for obtaining the security informa- 
tion from a home mobile unit managing server of 
the mobile radio unit, and transmitting the obtained 
the security information to a routing server at the 
travel destination, which is controlled by the area 20 
managing server and which is located outside of a 
home network of the mobile radio unit; the program 
including: 

a step of receiving the security information 25 
transmitted from the home mobile unit manag- 
I ng server to the routing server at th e travel des- 
tination; and 

a step of transmitting the security information, 
when the mobile radio unrt travels further from 30 
a communications area of the routing server at 
the travel destination to a communications area 
of another routing server at the travel des tina- 
tion controlled by the area managing sever, by 
reading out and transmitting the security infor- 35 
mation of the traveling mobile radio unit stored 
in the memory device to the other routing server 
at the travel destination, in response to a secu- 
rity information transmission request transmit- 
ted from the other routing server at the travel to 
destination. 
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